Open AndresPineros opened 6 years ago
Why don’t you check if it’s pw truncation by altering an earlier character in the sequence? Solaris used to have this. Cred @ a dude named Jay
If you google "pam truncate" you will find an answer within the first few entries. It only uses the first 8 characters.
I created an OpenVPN server using this role on my Ubuntu 16.04 machine, with the following variables:
Because I want both PAM and certs, I removed the client-certs-not-required that is placed in the server.conf when using pam.

The password for myuser was D1$play9!! I found by accident that I was able to login with that user using:
Why is this possible? This is a very serious security issue.
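
A way to check a server for the 8-character truncation mentioned in the replies, as an added example that is not part of the original thread or the role's code. It assumes the truncation comes from traditional DES crypt(3) hashes, which use only the first 8 characters of a password; the thread does not confirm which hash scheme this server used. The shadow entries below are constructed, and `classify` and `truncating_accounts` are hypothetical helper names.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$id$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt identifiers; these schemes do not cut passwords at 8 chars.
MODULAR = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}


def classify(hash_field):
    """Name the hash scheme of the second field of a shadow(5) entry."""
    if hash_field == "":
        return "empty"
    if hash_field[0] in "!*":
        return "locked"
    m = re.match(r"^\$([0-9a-z]+)\$", hash_field)
    if m:
        return MODULAR.get(m.group(1), "unknown")
    if DES_RE.match(hash_field):
        return "des-crypt"
    return "unknown"


def truncating_accounts(shadow_text):
    """Return users whose stored hash only covers the first 8 characters."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        if classify(fields[1]) == "des-crypt":
            flagged.append(fields[0])
    return flagged


# Constructed sample entries (hash values are placeholders, not real hashes).
SAMPLE_SHADOW = "\n".join([
    "root:!:17000:0:99999:7:::",
    "myuser:abJnggxhB/yWI:17000:0:99999:7:::",
    "other:$6$constructedsalt$" + "A" * 86 + ":17000:0:99999:7:::",
])

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE_SHADOW):
        print(f"{user}: DES crypt hash, password compared on first 8 chars only")
```

On a real host the input would be the contents of /etc/shadow, read as root; any flagged account needs its password reset after the hash scheme is changed, since the old hash cannot be upgraded in place.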