From: Nomad (mailman_at_crypton.pl)
Date: Wed Sep 25 2002 - 17:17:19 CDT

    Hello

    I've upgraded my FreeBSD to 4.6.2 some time ago. Since that day I have added some new accounts to my system. Everything was OK but... But one beautiful day I made a mistake and wrote a shorter password than the good one. And what happened? The system let me in after successful authorization!!!
    So I made a small investigation. And what I found: the new auth_default value in my system is DES!!! And my passwords on the new accounts are only 8 characters long!!!
    If you've done the same, check your master.passwd to see if there are some DES-encoded passwords. Because 8-character passwords without the right password policy (with short passwords in mind) are VERY easy to break. I know, I don't have to say that on this list, but writing about fundamental things is never out of place.
    So, if I am alone with this problem: I am sorry, I must have made some mistake.
    But if not: then I think that we have to do something about this...

    I upgraded my FreeBSD by buildworld/installworld from sources.

    Regards

    Nomad

    --
    [%% If you dance with devil %%]
    [%% you don't changing him. %%]
    [%% The devil is the one    %%]
    [%% who is changing you.    %%]
    

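An added example, not part of the original post: a Python sketch of the master.passwd check the message suggests. It flags accounts whose password field is in traditional DES crypt(3) format (13 characters, no `$` prefix), where only the first 8 password characters count. The function names are this example's own, and the sample file contents and hash strings are constructed placeholders.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
# Only the first 8 characters of the password influence this hash.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# BSDi extended DES: "_" + 4 count chars + 4 salt chars + 11 hash chars.
EXT_DES_RE = re.compile(r"^_[./0-9A-Za-z]{19}$")

def classify_hash(field):
    """Return the hash scheme suggested by a master.passwd password field."""
    if field.startswith("*LOCKED*"):      # prefix written by `pw lock`
        field = field[len("*LOCKED*"):]
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$2"):
        return "blowfish"
    if DES_RE.match(field):
        return "des"
    if EXT_DES_RE.match(field):
        return "des-extended"
    return "none"                          # "*", empty, or unrecognised

def find_des_accounts(master_passwd_text):
    """List (user, scheme) for every account still carrying a DES-based hash."""
    hits = []
    for line in master_passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:              # master.passwd has 10 fields
            continue
        scheme = classify_hash(fields[1])
        if scheme.startswith("des"):
            hits.append((fields[0], scheme))
    return hits

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$constrct$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abJnggxhB/yJ.:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$constrct$lkjihgfedcba9876543210:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*XyZ0123456789:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:_J9..salt0123456789a:1004:1004::0:0:Dave:/home/dave:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme in find_des_accounts(SAMPLE):
        print(f"{user}: {scheme}")
```

Accounts reported as `des` need a password change after the hash format is switched, because the stored hash itself does not change until the password is set again.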