ssh password bug

Discussion in 'HyperWRT Firmware' started by lol24h, Apr 14, 2006.

  1. lol24h

    lol24h Network Guru Member

    I'm not sure that it has been reported, but there's a bug in security of HyperWRT +tofu13c , maybe also in thibor's realese...

    If you set once password like this :
    aaabbbccc

    and changed it into :

    aaabbbcccbla

    for ssh session it will work any password containg the first one,
    like : aaabbbccc3245345235325
    :shock:

    i.e. you want to harden the password and you add to your original one some more letters or signs. The old one will still work as well via ssh. :eek:
     
  2. grcore

    grcore Network Guru Member

    if you want to use a longer password for SSH, use a private key instead of regular password authentication.

    the firmware only stores 8 characters of the web password.

    g
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice