First 8 characters of password allow access to restricted content

  • Resolved Innocutis

    (@innocutis)


    10 years, 1 month ago

    I used this plugin to protect a couple of pages and just noticed that if I type in only the first 8 characters of a 16 character password, access is granted to the content on the page. Is this a bug or does the plugin have an 8 character limit for the password? How can I fix this to grant access with only the full password?

    I have the latest version of WordPress and your plugin installed, am using Organic Themes’ “Bold” theme, if it matters.

    https://www.ads-software.com/plugins/content-protector/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi, Innocutis.

    The plugin uses crypt() internally to hash the password. If you’re using Standard DES, then according to PHP’s docs, it only uses the first 8 characters, you’ll want to limit yourself to 8 character passwords if you can’t use anything but Standard DES (the Settings page will let you know what encryption algorithms are available).

    Thread Starter Innocutis

    (@innocutis)

    Ok. Thanks for the quick response!

    Just a quick note, Innocutis, I edited my initial post since your response; if you can change your encryption algorithm to anything other than Standard DES, you should be OK. I can confirm Blowfish will work on longer than 8 characters, so if your server supports that, you should be good.

    Thread Starter Innocutis

    (@innocutis)

    I switched it to Extended DES and now you have to type in the whole password to access the page. Thanks so much!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘First 8 characters of password allow access to restricted content’ is closed to new replies.