[cvsnt] 2.5.04.3055: des crypt broken
arekm at maven.pl
Mon Jun 16 18:50:52 BST 2008
I was recently playing with cvsnt 2.5.04.3055 server and noticed that single
DES encrypted password handling is broken.
Replacing custom implementation of crypt handling with system one
fixed the problem.
Note that md5 hashes were working correctly. Didn't dig into cvsnt own
ufc_crypt() since system wide crypt() is much better and sane solution for
Testing was done on linux 2.6/glibc 2.8.
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
More information about the cvsnt