[MXS-581] Only the first 8 characters of passwords are used Created: 2016-02-12  Updated: 2016-02-15  Resolved: 2016-02-15

Status: Closed
Project: MariaDB MaxScale
Component/s: maxadmin
Affects Version/s: 1.2.1
Fix Version/s: 1.4.0

Type: Bug Priority: Blocker
Reporter: Geoff Montee (Inactive) Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None


 Description   

Only the first 8 characters of a password are checked:

[ec2-user@ip-172-31-47-243 ~]$ maxadmin -u perm_admin -p password add user geoff thispasswordislong
 
User geoff has been successfully added.
 
[ec2-user@ip-172-31-47-243 ~]$ maxadmin -u geoff -p thispass -h 127.0.0.1 show users
 
Administration interface users:
 
Users table data
 
Hashtable: 0x350b2b0, size 52
 
        No. of entries:         2
 
        Average chain length:   0.0
 
        Longest chain length:   1
 
User names: perm_admin, geoff
 
[ec2-user@ip-172-31-47-243 ~]$ maxadmin -u geoff -p thispas -h 127.0.0.1 show users
 
Failed to connect to MaxScale. Incorrect username or password.



 Comments   
Comment by markus makela [ 2016-02-15 ]

Fixed by switching to a more secure encryption algorithm.

Generated at Thu Feb 08 04:00:24 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.