Honeypots
Re: Roo 1.2 password changing Aug 02 2007 04:19PM
Earl (esammons hush com) (1 replies)
Re: Roo 1.2 password changing Aug 08 2007 04:45PM
Lucretia (lucretias shaw ca)
On Thu, 2007-08-02 at 12:19 -0400, Earl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The db schema that holds the walleye passwd is char/16. We felt
> that given the "mix" requirements this would usually be a
> sufficient length.
>
> I'm not sure if MySQL gives you the full 16 or if there is some
> sort of "end-of-string" char that ends up yielding 15. Will a 15
> (or lower) char password work?

After discussing this off list with Scott, it was determined to be a bug
limiting to eight or nine characters.

I have traditionally used 10 to 17 chars which simply would not work. 8
and 9 work fine.

This is new with Roo 1.2.

Thanks again to Scott for confirming this for me.

>
> Earl
>
>
> On Tue, 31 Jul 2007 10:04:27 -0400 Lucretia <lucretias (at) shaw (dot) ca [email concealed]>
> wrote:
> >Greetings.
> >
> >I have used Roo for a couple years now and like the simple
> >package. I
> >have wiped my 1.1 box for installation of 1.2 which is going fine
> >except
> >for one problem I cannot figure out.
> >
> >When I login to walleye for the first time, it takes me to the
> >change
> >password page. I cannot get past this page. It requests the
> >current
> >password 'honey' and then the new password and a confirm of the
> >new
> >password. The new password is 17 chars with all the prerequisites
> >yet I
> >keep getting one of the two errors
> >
> >'the password is not long enough' or 'the username or password you
> >entered is not valid'.
> >
> >Then I'll generate 'you have exceeded the maximum number of login
> >attempts.
> >
> >But then 'roo' and 'honey' are what get me logged back in.
> >
> >Is there a bug in the walleye.pl script? Am I too familiar and
> >forgetting some important step?
> >
> >Can I bypass this to use the walleye interface or am I stuck with
> >ssh?
> >
> >TIA!
> >
> >L.
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.5
>
> wkYEARECAAYFAkaxuosACgkQk7+e+4lPSm3AmACgsGW+FCjLG4r3PJBSCtEv2lqvMD4A
> niIuwOkBV9ymAWC4bMUTM1OmXuAN
> =0Zjr
> -----END PGP SIGNATURE-----
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus