Key: CORE-3933
Type: Bug
Status: Closed
Resolution: Duplicate
Priority: Major
Assignee: Unassigned
Reporter: jaymie.phillips
Votes: 0
Watchers: 1

Firebird Core

Serious issue with database login, a user may log in with a fictional password that begins with the actual password for the database

Created: 21/Sep/12 04:05 PM   Updated: 18/Oct/16 06:03 PM
Component/s: None
Affects Version/s: 2.1.3
Fix Version/s: None

Environment: Windows 7 x64 (Professional) Firebird 2.1.3
Issue Links:

QA Status: No test

Description
The user is able to log in with a password that is an extended version of the password used for the database.

if the password for the database is := masterkey then
the user is able to log in with a password of := masterkeythisisthepasswordrighthere
providing the username matches

this however does not appear to apply to the username field

Carlos H. Cantu added a comment - 21/Sep/12 04:34 PM - edited
Up to FB 2.5.x, only the first 8 chars of the password are used. Afair, FB 3 will raise this limit to 32 chars.
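
The truncation described in the comment above, modelled as an added example (not Firebird code and not part of the original issue). The PBKDF2 stand-in hash, the sample salt and all function names are assumptions; only the 8-character limit and the two passwords come from the page.

```python
import hashlib
import hmac
from typing import Optional

# From the comment above: up to FB 2.5.x only the first 8 characters are used.
SIGNIFICANT_CHARS = 8

# Constructed sample salt so the example runs offline.
SAMPLE_SALT = b"constructed-salt"


def _digest(password: str, salt: bytes) -> bytes:
    # Stand-in hash (assumption): PBKDF2 only makes the model runnable;
    # it is not the algorithm Firebird uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


def enroll(password: str, salt: bytes, limit: Optional[int] = SIGNIFICANT_CHARS) -> bytes:
    """Store a verifier. With a limit, everything past it is silently dropped."""
    return _digest(password[:limit], salt)


def verify(candidate: str, salt: bytes, stored: bytes,
           limit: Optional[int] = SIGNIFICANT_CHARS) -> bool:
    """Compare in constant time, applying the same limit to the candidate."""
    return hmac.compare_digest(_digest(candidate[:limit], salt), stored)


def ignored_suffix(password: str, limit: int = SIGNIFICANT_CHARS) -> str:
    """Policy check: the part of a password that adds no strength under the limit."""
    return password[limit:]


def demo() -> dict:
    real = "masterkey"                                # password from the report
    longer = "masterkeythisisthepasswordrighthere"    # login string from the report
    truncating = enroll(real, SAMPLE_SALT)
    full_length = enroll(real, SAMPLE_SALT, limit=None)
    return {
        "truncating_accepts_longer": verify(longer, SAMPLE_SALT, truncating),
        "full_length_accepts_longer": verify(longer, SAMPLE_SALT, full_length, limit=None),
        "ignored_in_real_password": ignored_suffix(real),
    }


if __name__ == "__main__":
    print(demo())
```

A password-policy check built on `ignored_suffix` can warn users when part of a chosen password falls outside the significant range and therefore adds no strength.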