re: insecure ssh login - works with any passwd

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
arnie_ahu
DD-WRT Novice


Joined: 30 Apr 2007
Posts: 5

PostPosted: Thu Jul 03, 2008 12:22    Post subject: re: insecure ssh login - works with any passwd Reply with quote
Hi sorry if this is the wrong section, i wasn't sure if this right place to put this in. I just found something which kinda worried me a bit.

I tried logging into my router via ssh, and typed the password wrong, (missed the last digit) I expected an error but was shocked when it let me in.... I tried again thinking it might have been a type by be n i did put it in.. n it worked again.. so i tried another 5 numbers after the password and it still worked :S... Evil or Very Mad ..

so for example.. if my password was:
passwd123

I logged in with "passwd67" twice

and then was able to also log in with passwd6754567

???

I'm sure that shouldn't work should it?? bug?? or am i being a bit umm paranoid lol..anyone else found this??

Regards
Arnie

(could this be because it only recognises the first 8 characters??)
Sponsor
Eko
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 5771

PostPosted: Thu Jul 03, 2008 12:42    Post subject: Re: re: insecure ssh login - works with any passwd Reply with quote
arnie_ahu wrote:


(could this be because it only recognises the first 8 characters??)

Yes, see http://linux.about.com/od/commands/l/blcmdl3_crypt.htm
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum