Ubuntu 8.10 Password Bug


Hello everybody, today while I was entering my password at my Ubuntu 8.10 login desktop, by mistake I entered one character more than the actual password. Voila! I had successfully logged on to my user desktop. Everything was working fine. I noticed this was also the case when using administrative applications in ‘System -> Administration’. It also exists for ‘sudo’ (root user) commands used in the terminal. This is a big security vulnerability.

The login is successful whenever the password is entered correctly up to eight characters (or fewer for shorter passwords), irrespective of the length of the password entered.

Login is unsuccessful if the password is entered wrong anywhere up to the eighth character.

Suppose my password is ‘calculator’.

Entering any of the following passwords will give a successful login:

  1. calculater
  2. calculatexor
  3. calculat

Many other combinations are possible. The only condition is that the password should be correct up to eight characters, or fewer for a shorter password.

I didn’t find any bug in launchpad regarding this. So I have filed a bug. Click here to view the status of the bug at Launchpad.
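A check an administrator could run for this symptom, as an added example that is not part of the original post. It assumes the behaviour comes from the password being stored as a traditional DES crypt(3) hash, which only uses the first eight characters; the post itself does not state the cause. The shadow lines and hash strings below are constructed, and the function names are hypothetical.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters,
# with no "$id$" prefix. Only the first 8 password characters feed the hash.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}


def classify(field):
    """Name the hash scheme used in the password field of a shadow entry."""
    body = field.lstrip("!")            # a leading "!" marks a locked password
    if body in ("", "*"):
        return "no-password-hash"
    if body.startswith("$"):            # modular format: $id$salt$hash
        parts = body.split("$")
        ident = parts[1] if len(parts) > 1 else ""
        return MODULAR.get(ident, "other-modular")
    if DES_CRYPT.fullmatch(body):
        return "des-crypt"
    return "unknown"


def truncating_accounts(shadow_text):
    """Return account names whose stored hash ignores characters past the 8th."""
    hits = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and classify(fields[1]) == "des-crypt":
            hits.append(fields[0])
    return hits


# Constructed sample in /etc/shadow layout; the hash strings are not real hashes.
SAMPLE = """\
root:!:14200:0:99999:7:::
alice:ab0123456789A:14200:0:99999:7:::
bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:14200:0:99999:7:::
carol:!ab.CONSTRUCTD:14200:0:99999:7:::
"""

if __name__ == "__main__":
    for name in truncating_accounts(SAMPLE):
        print(name, "uses a hash that only covers the first 8 characters")
```

Accounts it reports need their password set again under a non-truncating scheme, since the stored hash cannot be converted.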


4 Responses

  1. Just passing by. Btw, your website has great content!

  2. See the status of the bug in Launchpad at the link provided at the end of the topic.

  3. Seems to be related to this: http://www.ubuntu.com/usn/usn-663-1

  4. Doesn’t happen for me. Strange.
