Package: passwd
Version: 1:4.0.18.1-6
Severity: important

When using useradd with an encrypted password, the password is limited to eight
characters, but this is not mentioned anywhere.
Example: Cleartext password "testuserpass" makes encrypted password
"33nGdctTISeok". The system then accepts "testuser" as password when logging in.
Since this is not mentioned anywhere, it poses a security risk even if one uses
a complex password but the 'complexity' is after the first eight characters
(which might be a word easily cracked).

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)

Versions of packages passwd depends on:
ii  debianutils                 2.17         Miscellaneous utilities specific t
ii  libc6                       2.3.6.ds1-8  GNU C Library: Shared libraries
ii  libpam-modules              0.79-4       Pluggable Authentication Modules f
ii  libpam0g                    0.79-4       Pluggable Authentication Modules l
ii  libselinux1                 1.32-3       SELinux shared libraries
ii  login                       1:4.0.18.1-6 system login tools

passwd recommends no packages.

-- debconf information excluded
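
A check for the condition this report describes, as an added example that is not part of the original report or of the passwd package: it scans shadow-format lines for 13-character traditional DES crypt(3) hashes, the format of "33nGdctTISeok", for which only the first eight password characters are significant. The function names and the sample lines are constructed for illustration; only the testuser hash comes from the report.

```python
import re

# Traditional DES crypt(3): 2-character salt + 11 characters, no "$id$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular-crypt prefixes that do not have the eight-character limit.
PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
            "$2y$": "bcrypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
            "$y$": "yescrypt"}

def classify(field):
    """Return (scheme, limit); limit is 8 for DES crypt, otherwise None."""
    body = field.lstrip("!")          # a leading '!' marks a locked password
    if body in ("", "*"):
        return ("none", None)         # no usable password set
    if DES_RE.match(body):
        return ("descrypt", 8)        # characters after the eighth are ignored
    for prefix, name in PREFIXES.items():
        if body.startswith(prefix):
            return (name, None)
    return ("unknown", None)

def audit_shadow(text):
    """Return [(user, scheme, limit)] for accounts whose hash truncates input."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue                  # not a passwd/shadow-style record
        scheme, limit = classify(parts[1])
        if limit is not None:
            findings.append((parts[0], scheme, limit))
    return findings

# Constructed sample in /etc/shadow layout; the testuser hash is the one
# quoted in the report, the other hash values are placeholders.
SAMPLE = """\
root:$6$constructedsalt$CONSTRUCTEDPLACEHOLDERHASH:13500:0:99999:7:::
daemon:*:13500:0:99999:7:::
testuser:33nGdctTISeok:13500:0:99999:7:::
olduser:$1$constructed$PLACEHOLDERMD5HASHVALUE:13500:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, limit in audit_shadow(SAMPLE):
        print(f"{user}: {scheme} hash, only first {limit} characters are checked")
```

Accounts it reports need their password set again under a non-DES scheme, since the stored hash cannot be converted.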

