[screen-devel] [bug #32875] password login fail if the hashed password has more than 1 . or /

[Sherif Nagy]

URL:
  <http://savannah.gnu.org/bugs/?32875>

                 Summary: password login fail if the hashed password has more
than 1 . or /
                 Project: GNU Screen
            Submitted by: sherif
            Submitted on: Tue 22 Mar 2011 08:39:14 AM GMT
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.0.3
           Fixed Release: None
         Planned Release: None
           Work Required: None

    _______________________________________________________

Details:

I used a simple python script to generate random salt for password encryption
using crypt python library, including password HASH in .screenrc sometime
works and some times don't, by observing the behaviour I find that if the hash
something like the follow:

$1$1F0JSWIG$8ehSYNV834hcaBM4KgJhG1  will not prompt for password
$1$YNMAB2D6$wYPhEaWGPM8zfi.HqySLL1  will give login failed
$1$H369GRQO$qKOS.WYJfmYza4qeHcIys/  will give login failed
$1$ISEZPQN4$6BpAWUkoTvBUH5FOmd8fr/  will work

NOTE: Password foobar

My guess is that the parsing for the password attribute uses delimiter "." or
"/" which in case 2 and 3 exits twice or once in the middle, so screen takes
half the hash "where the 1st delimiter found" and compare the input password,
in case 1 no delimiter found. Case 4 works perfectly

Thank You
Sherif




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?32875>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/