#1635 Option to create MD5 passwords not fully honoured

1.140
closed
Jamie Cameron
5
2004-05-16
2004-05-16
Bart Selders
No

By switching to the option to create MD5 passwords
webmin will generate MD5 encrypted passwords with the
prefix {crypt} rather then the prefix {MD5}. There is
bug in save_user.cgi where it is not checking which
encryption is being used.

This bug is in version 1.140 on RedHat9.

Find below the code that fixes this.

save_user.cgi

elsif ($in{'passmode'} == 2) {
$pass = $in{'encpass'};
if ($config{'md5'}) {
$pass = "{md5}".$pass
if ($pass !~ /^\{[a-zA-Z0-9]+\}/i);
}
else {
$pass = "{crypt}".$pass
if ($pass !~ /^\{[a-zA-Z0-9]+\}/i);
}
}
elsif ($in{'passmode'} == 3) {
$salt = substr(time(), -2);
if ($config{'md5'}) {
$pass = "{md5}".&encrypt_password($in{'pass'});
}
else {
$pass =
"{crypt}".&encrypt_password($in{'pass'});
}
}

Discussion

  • Bart Selders
    Bart Selders
    2004-05-16

    Logged In: YES
    user_id=1043267

    This bug is partly related to 954988

     
  • Jamie Cameron
    Jamie Cameron
    2004-05-16

    Logged In: YES
    user_id=129364

    Thanks - I will incorporate this fix into the next Webmin
    release!

     
  • Jamie Cameron
    Jamie Cameron
    2004-05-16

    • status: open --> closed