Closed
Bug 3029
Opened 26 years ago
Closed 25 years ago
passwords broken for 1 out of 26 people
Categories
(Bugzilla :: Bugzilla-General, defect, P1)
Bugzilla
Bugzilla-General
Tracking
()
VERIFIED
FIXED
Bugzilla old
People
(Reporter: lchiang, Assigned: terry)
References
Details
I'm entering this for nbaca@netscape.com because she cannot access bugzilla.
Nbaca has tried (on different machines) to log into bugzilla. Each time, the
login has failed. She asked that bugzilla email her the password, which it did,
but still no luck in logging in (even w/ a copy and paste of the password from
the email!).
Can you reset nbaca's password to "netscape" so that she can log in and change
her password again?
Call nbaca at x6406 or email her to confirm since I'm entering this bug for her.
Thanks!
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 1•26 years ago
|
||
Damn. Damn damn damn damn damn.
I wish I knew what was causing this. On rare occasion, something seems
to go through and wipe out the passwords for a few people. Just a few.
Anyway, I apologize. nbaca, the password that bugzilla mails to you should
now work.
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 2•26 years ago
|
||
I am now able to enter Bugzilla. Thanks!
Updated•25 years ago
|
Comment 3•25 years ago
|
||
I have encountered the bug while helping to manage the bugzilla installation
on www.e-speak.net.
The problem seems to be caused by a difference in the way that perl encrypts
passwords and the way that mysql encrypts them. In bugzilla, the initial
passowrd is encrypted by MySQL and verified against a password encrypted
in perl. The two encrypted passwords seem not to match in cases where the
encrypted password begins with two equal characters. Brian Behlendorf pointed
out that the rate of occurance seems to be almost 1/26.
For example, you can find a list of all people who cannot log in by using
the following query:
select login_name
from profiles
where SUBSTRING(cryptpassword, 1, 1) = SUBSTRING(cryptpassword, 2, 1);
The solution I used was to (1) do all encryption in perl and none in mysql;
and (2) put the perl password generation logic in a loop that generates
new salt until the first two characters of the encrypted password are not
equal.
jason!
======================================================================
Jason Robbins, Ph.D. Collab.Net is hiring open source developers!
Senior Software Engineer http://www.collab.net/jobs
======================================================================
Assignee | ||
Comment 4•25 years ago
|
||
Hot damn! Someone finally figured this out! Thank you, thank you!
Do you have the patches you mentioned available?
Assignee | ||
Updated•25 years ago
|
Status: REOPENED → ASSIGNED
Priority: P2 → P1
Assignee | ||
Updated•25 years ago
|
Resolution: FIXED → ---
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago → 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•25 years ago
|
||
OK, I have come up with my own patch and have checked it in.
My fix causes all encryption to happen in MySQL, not in perl.
Thanks again for figuring this out!
Comment 8•25 years ago
|
||
Verified
Comment 9•23 years ago
|
||
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
QA Contact: matty
Target Milestone: --- → Bugzilla old
Version: other → unspecified
Comment 10•22 years ago
|
||
fixing summary so nobody accidently moves this to the mozilla.org product
Summary: Pls reset the password for nbaca@netscape.com. → passwords broken for 1 out of 26 people
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•