Menu

#61 Reg issue with password having 16 bytes.

closed-fixed
nobody
None
5
2012-05-01
2011-02-17
Anonymous
No

Issue:
IPMITool allows user wih more than 16 bytes password in lan.

Stpes to reproduce:
1. create a user with 16 byte pasword for ipmi 1.5. [ex: password 1234567890123456]
2. send ipmitool command (-I lan) with that user and password with more than 16 byte [ex: password 12345678901234567, 123456789012345678, etc.,
3. it gets succeeed for all password, because it take care for only 16 bytes).

Expected result:
if the command is given for -I lan then tool should give error for password more than 16 bytes.

Discussion

  • Jim Mankovich

    Jim Mankovich - 2012-04-18
    • assigned_to: nobody --> jmank
     

  • Jim Mankovich

    Jim Mankovich - 2012-04-24
    • assigned_to: jmank --> nobody
     

  • Duncan Idaho

    Duncan Idaho - 2012-05-01

    This will be patched in CVS. I just want to note this issue is similar to CRYPT. Despite it is going to be limited what ipmitool will and won't accept, there are other clients that do not. Or you can compile ipmitool without these checks. There simply is no way this can be fixed as whatever is beyond 16 bytes, resp. 20 bytes, is ignored.

     

  • Jim Mankovich

    Jim Mankovich - 2012-05-01

    committed to cvs

     

  • Jim Mankovich

    Jim Mankovich - 2012-05-01
    • status: open --> closed-fixed
     

Log in to post a comment.