0 Replies Latest reply on Jun 26, 2015 2:31 PM by 1370185

    Patch 148049-04 is there still a bug with this patch?

    1370185

      Running Solaris 10 and have applied patch 148049-04

       

      Problem occurred during a routine password change.

       

      The password used was hgizxtic#17

       

      The password was changed successfully on an unpatched machine (it has the critical patch cluster april 2013 installed).

       

      However when it came to output the password change fails with a "password is based on a reversed dictionary word".

       

      When patch 148049-04 is backed out the password change is successful as per the other machine. When the patch is reinstalled the change fails.

       

      So-there is some change to the reverse dictionary check introduced by 148049-04 which does not seem to be working in the same manner as previous versions. In fact the check seems to be failing as the failed password contains the initial three letters of a word in the dictionary (ie. tic(K)).I suspect that the error is produced not just by matching a complete word in the dictionary but by also matching a segment of letters contained in a word in the word dictionary-three letters seems to be segment length. The same error can be produced if the segment (in this case tic) is replaced by tok or mos ie the first three letters of mos(t) or tok(en).