Honeypots
Re: Roo 1.2 password changing Aug 08 2007 07:52PM
Earl (esammons hush com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Once again I am reminded that I should stick to OS level issues ;P

Earl

On Wed, 08 Aug 2007 12:45:24 -0400 Lucretia <lucretias (at) shaw (dot) ca [email concealed]>
wrote:
>On Thu, 2007-08-02 at 12:19 -0400, Earl wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> The db schema that holds the walleye passwd is char/16. We felt
>> that given the "mix" requirements this would usually be a
>> sufficient length.
>>
>> I'm not sure if MySQL gives you the full 16 or if there is some
>> sort of "end-of-string" char that ends up yielding 15. Will a
>15
>> (or lower) char password work?
>
>After discussing this off list with Scott, it was determined to be
>a bug
>limiting to eight or nine characters.
>
>I have traditionally used 10 to 17 chars which simply would not
>work. 8
>and 9 work fine.
>
>This is new with Roo 1.2.
>
>Thanks again to Scott for confirming this for me.
>
>>
>> Earl
>>
>>
>> On Tue, 31 Jul 2007 10:04:27 -0400 Lucretia <lucretias (at) shaw (dot) ca [email concealed]>
>> wrote:
>> >Greetings.
>> >
>> >I have used Roo for a couple years now and like the simple
>> >package. I
>> >have wiped my 1.1 box for installation of 1.2 which is going
>fine
>> >except
>> >for one problem I cannot figure out.
>> >
>> >When I login to walleye for the first time, it takes me to the
>> >change
>> >password page. I cannot get past this page. It requests the
>> >current
>> >password 'honey' and then the new password and a confirm of the
>> >new
>> >password. The new password is 17 chars with all the
>prerequisites
>> >yet I
>> >keep getting one of the two errors
>> >
>> >'the password is not long enough' or 'the username or password
>you
>> >entered is not valid'.
>> >
>> >Then I'll generate 'you have exceeded the maximum number of
>login
>> >attempts.
>> >
>> >But then 'roo' and 'honey' are what get me logged back in.
>> >
>> >Is there a bug in the walleye.pl script? Am I too familiar and
>> >forgetting some important step?
>> >
>> >Can I bypass this to use the walleye interface or am I stuck
>with
>> >ssh?
>> >
>> >TIA!
>> >
>> >L.
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at
>https://www.hushtools.com/verify
>> Version: Hush 2.5
>>
>>
>wkYEARECAAYFAkaxuosACgkQk7+e+4lPSm3AmACgsGW+FCjLG4r3PJBSCtEv2lqvMD4
>A
>> niIuwOkBV9ymAWC4bMUTM1OmXuAN
>> =0Zjr
>> -----END PGP SIGNATURE-----
>>
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAka51TwACgkQk7+e+4lPSm2hiACgoXyo0GTw7scryyBz2+y+V5XBCjIA
nRDYwPhyPh6JdBejvX78qvGmmOjg
=sgbB
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus