[tac_plus] Password Bug
Dan Schmidt
dan.schmidt at uplinkdata.com
Thu Aug 30 20:35:02 UTC 2007
Thank you for your excellent work on tac_plus.
If I encrypt the word "password1" I can use just about any variation of
password* and get in. password, password1,password2, password45... they
all will log me in. That is a big security hole.
Thank you for your time,
-Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20070830/137c0caa/attachment.html
More information about the tac_plus
mailing list