Posted: Thu Jul 03, 2008 12:22 Post subject: re: insecure ssh login - works with any passwd
Hi sorry if this is the wrong section, i wasn't sure if this right place to put this in. I just found something which kinda worried me a bit.
I tried logging into my router via ssh, and typed the password wrong, (missed the last digit) I expected an error but was shocked when it let me in.... I tried again thinking it might have been a type by be n i did put it in.. n it worked again.. so i tried another 5 numbers after the password and it still worked :S... ..
so for example.. if my password was:
passwd123
I logged in with "passwd67" twice
and then was able to also log in with passwd6754567
???
I'm sure that shouldn't work should it?? bug?? or am i being a bit umm paranoid lol..anyone else found this??
Regards
Arnie
(could this be because it only recognises the first 8 characters??)