password bug

Discussion in 'Bug Reports' started by Channel_Cat, Sep 21, 2004.

  1. Channel_Cat

    Channel_Cat Member

    I noticed i could add anything to my password(when using the webadmin), which is d2ac5wrk (dunno if that does anyhting for you), and it would allow me to enter. an example would be "d2ac5wrkofiabnsdoigbaosies" would let me enter where as "d2ac5wr" would not. Ever heard of this?

    --using litespeed 2 standard (latest release)
  2. mistwang

    mistwang LiteSpeed Staff

    That's the limit of the DES algorithm used in crypt() function, only the first 8 characters of the password are used to generate the encrypted password, the rest are ignored.
    I think Apache is the same, isn't it? :roll:

    George Wang
  3. Channel_Cat

    Channel_Cat Member

    ohhhh okay, i was just worried about people logging in and stuff if i had a shorter password, thanks :D

Share This Page