Author Topic: any user can see the length of the administrator password  (Read 10183 times)

Offline kinemitor

  • Comodo's Hero
  • *****
  • Posts: 322
any user can see the length of the administrator password
« on: March 09, 2011, 12:35:49 AM »
i dont need to post it in the correct format because its really simple to reproduce
CTM 2.9b
just create an user with any privileges like take snapshot and restore, then if you log in in the limited user you still can see the properties of any user. and there is the length of the password, this way the limited user can guess what the password is by the length

Offline Flykite

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 516
Re: any user can see the length of the administrator password
« Reply #1 on: April 13, 2011, 09:59:47 PM »
Yes, it is a problem. We'll see what we can do.
Thanks!

Offline 00hmh

  • Comodo Loves me
  • ****
  • Posts: 104
Re: any user can see the length of the administrator password
« Reply #2 on: April 13, 2011, 11:23:22 PM »
Not sure you should allow a non administrative account to use CTM, or install it.  So how can this happen in practice?   


Offline kinemitor

  • Comodo's Hero
  • *****
  • Posts: 322
Re: any user can see the length of the administrator password
« Reply #3 on: April 14, 2011, 04:20:46 AM »
Not sure you should allow a non administrative account to use CTM, or install it.  So how can this happen in practice?   
im talkng about users created in CTM not in windows

Offline Flykite

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 516
Re: any user can see the length of the administrator password
« Reply #4 on: April 14, 2011, 06:02:28 AM »
Hi kinemitor:
  I know what you mean  :) :).

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek