Roger Keays wrote:
Hi all,
I'm not sure if this is common knowledge or not, but I have just
noticed the effects of having the first two letters of your password
the same as the first two in your login name... You can use any
extension of your password!!
e.g., on my Woody box I added a user called 'ron' and his password was
'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and
so forth!
I tried a few more and had the same results. This is something to do
with the random salt right?
Can anyone else reproduce this?
Cheers,
Roger
I just tried this with the same as you, I found that if you use
rooniosko instead of roniosko, the result is the same. I've tried with
another one (user azerty and password ra) and it doesn't work. I put
azertyqsdf as paswword and I have the same... But if I put azerty as
password it don't... let's count the number of letters... roniosko : 8,
rooniosko : 9, ra : 2, azertyqsdfd : 10, azerty : 5
I think the size is important, not the extension fact. I think all
characters after the 8th letter is ignored. Anybody confirms ?
Regis.
