Nexenta Project - Security Problem? - The Nexenta Project

Added by Jason Spencer about 1 month ago

Not sure here, so I am asking for some input and help. Let's say I set my password for root as 12345 on my nexenta system. Now if I type 123456 to login in. It takes that password! It appear that there is a security bug here? I can type in my correct password and add any character after the correct password and the system will accept it. Is this normal? Am I missing something or is this a bug I found?

Any feedback is greatly appreciated.

Jason

RE: Security Problem? - Added by Linda Kateley about 1 month ago

are you running ncp? i have tried this on a recently patched nexentastor and can't reproduce.

lk

RE: Security Problem? - Added by Jason Spencer about 1 month ago

Yes I am running ncp.

Jason

RE: Security Problem? - Added by j. blun about 1 month ago

This was discussed earlier. You should set CRYPT_DEFAULT=2a in '/etc/security/policy.conf' to solve it.

Security Problem?

Replies

RE: Security Problem? - Added by Linda Kateley about 1 month ago

RE: Security Problem? - Added by Jason Spencer about 1 month ago

RE: Security Problem? - Added by j. blun about 1 month ago