[cvsnt] 2.5.04.3055: des crypt broken
Arkadiusz Miskiewicz
arekm at maven.pl
Mon Jun 16 18:50:52 BST 2008
Hello,
I was recently playing with cvsnt 2.5.04.3055 server and noticed that single
DES encrypted password handling is broken.
Replacing custom implementation of crypt handling with system one
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/cvsnt-crypt.patch
fixed the problem.
Note that md5 hashes were working correctly. Didn't dig into cvsnt own
ufc_crypt() since system wide crypt() is much better and sane solution for
me.
Testing was done on linux 2.6/glibc 2.8.
--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
More information about the cvsnt
mailing list