View Issue Details

IDProjectCategoryView StatusLast Update
0018328CentOS-7httpdpublic2021-10-11 07:49
Reportermorty Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionnot fixable 
OSCentOS 
Product Version7.9.2009 
Summary0018328: htpasswd from httpd-tools rejects password longer than 255 characters
DescriptionThe manpage for htpasswd implies that for Linux, there is supposed to be no limitation on password length. But when I give it a password longer than 255 characters, I get an error. Either something is wrong in the build, or the manpage should be adjusted.
 
Steps To Reproduce$ sudo yum -q install httpd-tools
Package httpd-tools-2.4.6-97.el7.centos.x86_64 already installed and latest version
$ dd if=/dev/zero bs=1 count=255 2>/dev/null | htpasswd -nsi someuser
someuser:{SHA}2jmj7l5rSw0yVb/vlWAYkK/YBwk=

$ dd if=/dev/zero bs=1 count=256 2>/dev/null | htpasswd -nsi someuser
htpasswd: password too long (>255)
$
TagsNo tags attached.
abrt_hash
URL

Activities

ManuelWolfshant

ManuelWolfshant

2021-10-11 07:49

manager   ~0038660

I confirm that your findings are correct. However this is a problem that can be fixed in Centos if and only if RHEL ships an updated version which corrects it. You could file a bug report at bugzilla.redhat.com but since EL7 is in maintenance mode, RedHat accepts mostly security related bug reports and will most certainly do not do anything.

Issue History

Date Modified Username Field Change
2021-10-11 04:08 morty New Issue
2021-10-11 07:49 ManuelWolfshant Status new => closed
2021-10-11 07:49 ManuelWolfshant Resolution open => not fixable
2021-10-11 07:49 ManuelWolfshant Note Added: 0038660