[rt-users] Wide character in crypt generates stack trace with password revealed
Martin Drasar
drasar at ics.muni.cz
Tue Apr 20 06:01:53 EDT 2010
Hi everyone,
when logging into RT having the Czech keyboard accidentally set, wide
characters may be accidentally supplied to the password routine. (Czech
keyboards have letters with wedges in the same row as numbers.)
This causes the error shown in the attached page, revealing the password to
bystanders as well as needlessly showing the RT path.
I am providing a quick patch that catches the exception generated by
crypt and makes RT behave as if an ordinary bad password was provided.
Martin
--
Mgr. Martin Drasar drasar at ics.muni.cz
Network Security Department http://ics.muni.cz/
CSIRT-MU http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP Key ID: 0x944BC925
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100420/57a8ca33/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: wide_char_err.patch
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100420/57a8ca33/attachment.ksh>
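The approach described in the message above (catch the exception from crypt and treat it as a bad password), as an added Perl example. It is not the scrubbed patch and not RT's own code; the helper name `password_matches` and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;    # the constructed sample input below contains non-ASCII literals

# Hypothetical helper (not RT's code): compare a supplied password with a
# stored crypt(3) hash, treating any crypt() exception as a failed login.
sub password_matches {
    my ($supplied, $stored_hash) = @_;
    return 0 unless defined $supplied && defined $stored_hash && length $stored_hash;

    # crypt() dies with "Wide character in crypt" when the string holds a
    # code point above 255 that cannot be downgraded to bytes.
    my $computed = eval { crypt($supplied, $stored_hash) };
    if (!defined $computed) {
        # Log a fixed string only: no $@, no arguments, no stack trace,
        # so neither the password nor the install path reaches the page.
        warn "password check: input rejected by crypt()\n";
        return 0;
    }
    return $computed eq $stored_hash ? 1 : 0;
}

# Constructed sample data: hash of "12345" with the traditional salt "ab".
my $stored = crypt('12345', 'ab');

# Constructed wide-character input: letters with carons from the Czech
# number row, all above U+00FF, so an unguarded crypt() call would die.
for my $attempt ('12345', 'wrong', "ěščřž") {
    # Print only the outcome, never the attempted password.
    printf "%s\n", password_matches($attempt, $stored) ? 'accepted' : 'rejected';
}
```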