From: dballester@KERNPHARMA.COM
Date: Wed Jun 25 2003 - 06:39:45 EDT
Here comes the explanation:
---------------------- Remitido por David Ballester/It/KERNPHARMA con fecha
25/06/2003 12:57 p.m. ---------------------------
"Steven Langdale" <Langdale_Steven@perkins.com> con fecha 25/06/2003
12:42:59 p.m.
Destinatarios: dballester@kernpharma.com
CC:
Asunto: Re: URGENT: Anybody with AIX 4.3.3 and a client with REDHAT9?
It's veryimportant, needed to confirm high security bug on AIX
Hello David
That's not a bug. AIX only supports 8 char passwords, if you type in any
more than that are just ignored. The other problem you have is that the
gnome-term is not configured as AIX wants and the backspace is not
deleting, it's just adding more chars to the password string you are
typing. All of these extra chars are ignored, AIX just look at the first
8, and in you go.
Maybe you should post something onto the mail list so other users don't
panic :)
Regards
Steven
dballester@kernp
harma.com To:
Langdale_Steven@perkins.com
cc:
06/25/2003 11:28
Subject: Re: URGENT: Anybody
with AIX 4.3.3 and a client with REDHAT9? It's veryimportant,
needed to confirm high
security bug on AIX
Perkins: Confidential Green Retain Until: 07/25/2003 Retention Category:
G90 - Information and
Reports
Hi Steven:
Here is the problem that i'm having:
Aix 4.3.3 and Gnome-terminal from RedHat9.
The login user on Aix is, for example: kpdadm
The password is : lorenzi0177
From the login screen, in a telnet session from an gnome-terminal, i
login with user kpdadm
In the password field i put lorenzi0 and push backspace key 9 times,
followed by 3 Ctrl+H. Allways this give me session in the Aix server.
I'm testing with diverse password longs and words, and at the moment,
seems to occur only if i put the first 8 correct letters of the password.
Can you reproduce it?
If your password is less than 8 chars, can you create an user with
password > 8 to test if the password long make sense? ( I think that yes ).
Waiting for your news
Thanks and regards
Steven Langdale <Langdale_Steven@PERKINS.COM>@Princeton.EDU> con fecha
25/06/2003 12:23:22 p.m.
Por favor, responda a IBM AIX Discussion List <aix-l@Princeton.EDU>
Enviado por: IBM AIX Discussion List <aix-l@Princeton.EDU>
Destinatarios: aix-l@Princeton.EDU
CC:
Asunto: Re: URGENT: Anybody with AIX 4.3.3 and a client with REDHAT9?
It's very important, needed to confirm high security bug on AIX
David
I have 4.3.3 and Redhat 9 here. Mail me if you would like me to test your
bug.
Thanks
Steven
dballester@KERNP
HARMA.COM To:
aix-l@Princeton.EDU
Sent by: IBM AIX cc:
Discussion List
<aix-l@Princeton
.EDU>
Subject: URGENT: Anybody
with AIX 4.3.3 and a client with REDHAT9? It's very important,
needed to confirm high
security bug on AIX
06/25/2003 11:03
Please respond
to IBM AIX
Discussion List
Perkins: Confidential Green Retain Until: 07/25/2003 Retention Category:
G90 - Information and
Reports
Please, anybody can contact me to make a little test ( no intrusive ) to
confirm a problem that I'm having with telneting to AIX 4.3.3 server with
gnome-terminal that comes with RedHat 9? I can repeat a sequence of keys
that gives me session on Aix for any user, included root, without password.
People from list can verify that i'm on aix-l for a long time.
Thanks
David Ballester
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:57 EDT