
0001824: Admin GUI password fails with $ in - MantisBT Endian Bugtracker
Endian Issue Tracker





ID: 0001824
Project: Endian Firewall
Category: Input Validation
View Status: public
Date Submitted: 2009-04-27 09:35
Last Update: 2011-07-12 16:16
Reporter: luca-endian
Assigned To: max-endian
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.2-rc3
Target Version:
Fixed in Version:
Summary: 0001824: Admin GUI password fails with $ in
Description: If you change a password from the GUI and type one with $ (in the first notice was fUspAB$K) you are not allowed in any more.

SSH password change seems to work; I don't know about the dial password.
Tags: purple
Attached Files:

- Relationships
has duplicate | 0002315 | resolved | peter-endian | Endian Firewall | "Login with $ ore other extra signs in password fails"
has duplicate | 0002316 | confirmed | peter-endian | Endian Firewall | "Import of Server Certifikate only without special signs possible"
related to | 0002314 | closed | simon-endian | Endian Firewall | "DHCP fails start with CUSTOM DHCP-Option Field used"

-  Notes
(0002222)
luca-endian (developer)
2009-04-28 15:10

works with $ in the end
for example: pippo$
(0002326)
luca-endian (developer)
2009-05-13 07:36

What is strange:
When I change the password via SSH
htpasswd -m /var/efw/auth/users admin
Password = start$123 (now the password works)
(0004086)
luca-endian (developer)
2010-03-23 14:15
edited on: 2010-03-23 14:16

same problem notified for char %

(0005200)
max-endian (developer)
2010-11-25 09:09

There is a bug in the file /home/httpd/cgi-bin/passwd-lib.pl ca. at line 89:

Please replace the if statement:

if ($type eq 'web') {
  system('/usr/bin/sudo /usr/bin/htpasswd -m -b ' . ${swroot} . '/auth/users ' . $user . ' ' . ${password1});
}

with this one:

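if ($type eq 'web') {
  # Escape embedded single quotes for the shell: close the quote, emit an
  # escaped quote, reopen the quote, so that ' becomes '\''.
  $password1 =~ s/'/'\\''/g;
  system('/usr/bin/sudo /usr/bin/htpasswd -m -b ' . ${swroot} . '/auth/users ' . $user . ' \'' . ${password1} . '\'');
}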
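
Added example (not Endian's code and not part of the note above): a Perl sketch of why the one-string system() call stores a different password when it contains `$`, and how the list form avoids the shell entirely. `printf %s` is an assumed stand-in for htpasswd, and the sample passwords are constructed from the values quoted in the notes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: "printf %s" stands in for "htpasswd -m -b FILE USER"; it echoes
# the argument it received, i.e. the password htpasswd would have hashed.
my @cmd = ('printf', '%s');
delete $ENV{K};    # keep the constructed sample "fUspAB$K" deterministic

sub slurp {
    my ($fh) = @_;
    local $/;
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

# One-string form, as in passwd-lib.pl: Perl runs it through /bin/sh -c, so
# the shell expands $K, $1, ... before the program sees the password.
sub via_shell_string {
    my ($arg) = @_;
    open(my $fh, '-|', join(' ', @cmd, $arg)) or die "cannot run shell: $!";
    return slurp($fh);
}

# List form: no shell is involved; each element reaches the program verbatim.
sub via_arg_list {
    my ($arg) = @_;
    open(my $fh, '-|', @cmd, $arg) or die "cannot exec: $!";
    return slurp($fh);
}

# If a shell cannot be avoided: wrap in single quotes, and write every
# embedded single quote as '\'' (close quote, escaped quote, reopen quote).
sub sh_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

# Constructed sample passwords (the first three appear in the notes above).
for my $pw ('fUspAB$K', 'pippo$', 'start$123', q{it's$HOME}) {
    my $raw = $pw =~ /'/ ? '(shell syntax error)' : via_shell_string($pw);
    printf "%-12s string=%-22s list=%-12s quoted=%s\n",
        $pw, $raw, via_arg_list($pw), via_shell_string(sh_quote($pw));
}
```

The same list form applies to any external command that receives user input, including the user name and file path arguments. Note that htpasswd's -b option puts the password on the command line, where it is visible in the process list while the command runs.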

- Issue History
Date Modified Username Field Change
2009-04-27 09:35 luca-endian New Issue
2009-04-27 09:39 luca-endian Tag Attached: purple
2009-04-27 09:39 luca-endian Relationship added related to 0000039
2009-04-28 15:10 luca-endian Note Added: 0002222
2009-05-13 07:21 luca-endian Description Updated
2009-05-13 07:36 luca-endian Note Added: 0002326
2009-07-24 09:12 luca-endian Status new => confirmed
2009-10-29 12:17 peter-endian View Status private => public
2009-10-29 12:18 peter-endian Relationship added has duplicate 0002315
2009-10-29 12:18 peter-endian Relationship added has duplicate 0002316
2009-10-29 12:18 peter-endian Relationship added related to 0002314
2010-02-04 10:14 peter-endian Relationship added related to 0002653
2010-03-23 14:15 luca-endian Note Added: 0004086
2010-03-23 14:16 luca-endian Note Edited: 0004086
2010-09-21 19:06 peter-endian Category GUI => Input Validation
2010-11-25 09:09 max-endian Note Added: 0005200
2010-11-25 09:09 max-endian Status confirmed => resolved
2010-11-25 09:09 max-endian Resolution open => fixed
2010-11-25 09:09 max-endian Assigned To => max-endian
2011-07-12 16:16 ra-endian Status resolved => closed
