Verify Password Authenticates User On Wrong Password

M

maycotte

New member
Joined
Sep 15, 2004
Messages
3
Location
Austin, Tx
CMD_API_VERIFY_PASSWORD returns true (valid=1) for a truncated password.

For example, if the user is 'user' and the password is 'password' but instead you send 'passwor' it retuns valid=1. It seems that it is only authenticating on the first 7 characters...

send:
https://www.domain.com:2222/CMD_API_VERIFY_PASSWORD?user=user&passwd=passwor

returns:
valid=1

Is this a problem??
 
Only if you think it is.

I don't see this result using RHL and using RHEL.

What OS are you using.

Jeff
 
I don't recall which versions of RHL started using long passwords by default.

Jeff
 
You must log in or register to reply here.
Back
Top