#21733: password prompt in luci accepting incomplete password
--------------------------------+------------------------
Reporter: brennangalletly@… | Owner: developers
Type: defect | Status: closed
Priority: normal | Milestone:
Component: packages | Version: Trunk
Resolution: worksforme | Keywords: password
--------------------------------+------------------------
Comment (by brennangalletly@…):
The issue has kept occuring for me persistently in a web browser as well
as CLI Since you could not reproduce I changed my password and tried your
curl example and interestingly the issue only partially remained:
password entered below is 'foobar@@69'
{{{
#!div style="font-size: 80%"
Code highlighting:
{{{#!bash
macdiesel@bgvaio:~$ ssh [email protected]
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
DESIGNATED DRIVER (Bleeding Edge, r48297)
-----------------------------------------------------
* 2 oz. Orange Juice Combine all juices in a
* 2 oz. Pineapple Juice tall glass filled with
* 2 oz. Grapefruit Juice ice, stir well.
* 2 oz. Cranberry Juice
-----------------------------------------------------
bnetwrt:~$ passwd root
Changing password for root
New password:
Retype password:
Password for root changed by root
bnetwrt:~$ cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Bleeding Edge'
DISTRIB_REVISION='r48297'
DISTRIB_CODENAME='designated_driver'
DISTRIB_TARGET='mvebu/generic'
DISTRIB_DESCRIPTION='OpenWrt Designated Driver r48297'
DISTRIB_TAINTS='no-all no-ipv6 busybox'
bnetwrt:~$ exit
logout
Connection to 192.168.1.1 closed.
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Content-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar'
403
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar@@'
302
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar@@69'
302
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar69'
403
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar'
403
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foobar@@'
302
macdiesel@bgvaio:~$ curl 'https://192.168.1.1/cgi-bin/luci/' -s -o
/dev/null -w "%{http_code}" -k -H 'Cont-Type: application/x-www-form-
urlencoded' --data 'luci_username=root&luci_password=foo'
403
macdiesel@bgvaio:~$
}}}
}}}
If you would like anything else to help please let me know. -Brennan
--
Ticket URL: <https://dev.openwrt.org/ticket/21733#comment:2>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
