From kessler@celebration.net Fri Apr 11 11:11:27 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id LAA04575 for <bugs@RT-11.MIT.EDU>; Fri, 11 Apr 1997 11:11:26 -0400
Received: from indy.celebration.net by MIT.EDU with SMTP
    id AA16162; Fri, 11 Apr 97 10:11:04 EST
Received: (from kessler@localhost)
    by celebration.net (8.8.5/8.8.5) id KAA11357
    for krb5-bugs@mit.edu; Fri, 11 Apr 1997 10:11:24 -0500 (EST)
Message-Id: <199704111511.KAA11357@celebration.net>
Date: Fri, 11 Apr 1997 10:11:24 -0500 (EST)
From: William Kessler <kessler@celebration.net>
To: krb5-bugs@MIT.EDU
Subject: password length limited to 8 chars with insecure telnet
>Number: 416
>Category: telnet
>Synopsis: non-secure telnet limited to 8 char passwords
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 11 11:12:00 EDT 1997
>Last-Modified:
>Originator: William Kessler
>Organization:
William K. Kessler voice: +1 317 570 3063 fax: +1 317 570 3297
AT&T email: kessler@celebration.net
6612 E. 75th St.
Indianapolis, IN 46250
>Release: 1.0
>Environment:
X86 FreeBSD 2.1+
System: FreeBSD indy.celebration.net 2.1-STABLE FreeBSD 2.1-STABLE #1: Mon Apr 22 11:18:58 EST 1996 toor@indy.celebration.net:/usr4/sys/compile/EXP i386
>Description:
A non-secure telnet to a system daemon /usr/local/sbin/telnetd -a none
will not accept users with passwords longer than 8 characters.
>How-To-Repeat:
Locally create an account with a password longer than 8 characters and no KDC entries.
Then telnet to that machine and try an insecure login using that user id/password.
The attempt will fail while login accounts with 8 character passwords will work.
>Fix:
Have users select shorter passwords if access from insecure client is required.
>Audit-Trail:
>Unformatted:
X-send-pr-version: 3.99