Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 23 Aug 2012 17:28:24 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: loader.c pwdump bug in CVS core

On Thu, Aug 23, 2012 at 02:44:56PM +0200, magnum wrote:
> Attached patch is committed to bleeding-jumbo now but the bug is
> actually in core CVS. The first hex digit of the LM hash was omitted
> (over-written by the field separator), leaving a 31-digit hash.

Oops.  Well, this only affected --show, and this output field is rarely
used (in fact, previously it was removed when we were displaying cracked
passwords for the LM hashes).  However, yes, this was a bug indeed.
I'll apply your patch.  Thank you!

For others reading this: the bug was introduced in recent changes; it
is not found in any released version.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ