[rt-users] Wide character in crypt generates stack trace with password revealed

Martin Drasar drasar at ics.muni.cz
Tue Apr 20 06:01:53 EDT 2010

Hi everyone,
when logging into RT having czech keyboard accidentaly set, wide
characters may be accidentally supplied to the password routine. (Czech
keyboard have letters with wedges in the same row as numbers).
This causes error shown in attached page, revealing password to
bystanders as well as needlessly showing RT path.

I am providing a quick patch that catches the exception generated by
crypt and makes RT behave like ordinary bad password was provided.


Mgr. Martin Drasar                                   drasar at ics.muni.cz
Network Security Department                         http://ics.muni.cz/
CSIRT-MU                                       http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
                       PGP Key ID: 0x944BC925
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100420/57a8ca33/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: wide_char_err.patch
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100420/57a8ca33/attachment.ksh>

More information about the rt-users mailing list