[tac_plus] Re: Password Bug
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Sat Sep 1 09:06:34 UTC 2007
> If I encrypt the word "password1" I can use just about any variation of
> password* and get in. password, password1, password2, password45... they
> all will log me in. That is a big security hole.
This is not a bug but a fea^H^H^Hlimitation.
Only the first 8 chars of DES encrypted passwords are significant.
However, it would be easy to add MD5 password
encryption... I'll think it over.
Gabor
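
Added example, not part of the original message or of tac_plus: a Python model of the key-setup step of traditional DES crypt(3), showing why the passwords quoted above are interchangeable. The function names and the sample list are constructed for illustration, and the salt and the 25 DES rounds are left out because they do not affect which input bytes are used.

```python
from collections import defaultdict

def des_crypt_key(password: str) -> bytes:
    """Model of the 8 key bytes traditional DES crypt(3) builds from a password.

    Illustrative helper (hypothetical name), not a tac_plus or libc API.
    """
    raw = password.encode("utf-8")[:8]   # bytes 9 and later are discarded
    raw = raw.ljust(8, b"\0")            # shorter passwords are zero-padded
    # Only the low 7 bits of each byte are kept, shifted into the upper
    # 7 bits of the key byte: 8 * 7 = 56 effective key bits.
    return bytes((b & 0x7F) << 1 for b in raw)

def equivalent_groups(candidates):
    """Group candidate passwords that yield the same DES crypt key.

    Every password in a group produces the same hash for a given salt,
    so any of them is accepted in place of the others.
    """
    groups = defaultdict(list)
    for pw in candidates:
        groups[des_crypt_key(pw)].append(pw)
    return [g for g in groups.values() if len(g) > 1]

# Constructed sample input based on the passwords named in the thread.
SAMPLE = ["password", "password1", "password2", "password45",
          "passwor", "Password1"]

if __name__ == "__main__":
    for group in equivalent_groups(SAMPLE):
        print("accepted interchangeably:", group)
```
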