chetcpasswd.cgi ChangeLog Dec-22-2006 - chetcpasswd-2.4.2 released - md5.c removed. Now chetcpasswd uses crypt to handle DES and MD5 passwords. - password reuse cycle fixed. - to avoid vunerabilities, external program calls, like cp, mail and post_change facility was removed. Thanks to Ulf Harnhammar Nov-26-2006 - chetcpasswd-2.4.1 released - minor fixes: - password-maximum-length 8 tag changed to passwordmaximum_length 8 - missing MaxPwdLen in userform.c - new password length fixed in 8 in languages. Thanks to Chris Picciotto Nov-07-2006 - chetcpasswd-2.4 released - for security reasons HTTP_X_FORWARDED_FOR is no more checked. - languages moved to /usr/share/chetcpasswd/languages - to avoid security problemes, sprintf was changed to snprintf because sprintf can potentially output more characters than can fit in the allocation size of the string. Thanks to Eriberto - retry_limit tag added do chetcpasswd.conf. Now chetcpasswd will block the user if the limit is reached. Default=3 - Password Reuse Cycle added. Now you can control the password reuse. Default=10 Jun-20-2006 - chetcpasswd-2.3.3 released - Czech language added by Ji¿í Krakowitzer Thank you Mai-13-2006 - chetcpasswd-2.3.2 released - Ukrainian and Russian languages added by Alex Morozenko Thank you Mar-03-2006 - chetcpasswd-2.3.1 released - for security reasons, readme changed to alert the sysadmin to use chmod 400 in /etc/chetcpasswd.allow. Thanks to Eriberto Mar-28-2005 - chetcpasswd-2.3 released - Portuguese language added by Bruno Santos Thank you - old portuguese moved to Brazilian Mar-25-2005 - chetcpasswd-2.2 released - Romanian language added by Silviu Silaghi Thank you Dec-13-2004 - chetcpasswd-2.1 released - security bug fixed. The last shadow line is displayed when strings larger than 120 chars are used in userid field. Thanks to Joao Eriberto Mota Filho. - alert-email tag added to chetcpasswd.conf - post_change tag added to chetcpasswd.conf - success_url fixed - cancel-url added - user maximum length implemented - password maximum length implemented - MD5 crypt style added. Apr-02-2004 - chetcpasswd-2.0 released - css implemented. - chetcpasswd.conf implemented. - titles, colors, font sizes implemented. - syslog implemented. - warnings to the user improved. - password minimum length implemented. - Logo image implemented. - Language on the fly implemented. Oct-18-2002 - Bug fixed: error when moving the new passwd file from the temporary file. Thanks to Pedro Goncalves Changed: now the default cgi-bin dir is /var/www/cgi-bin Sep-28-2002 - Ben Parnell found a buffer overflow in chetcpasswd that allow local users get access to root if using 0.0.0.0 in /etc/chetcpasswd.allow file. FIXED in chetcpasswd-1.12 release. Thank you Ben for send me the code to break chetcpasswd. May-06-2001 - Finnish language by TMP Thank you Mar-30-2001 - Japanese language by IWAIZAKO Takahiro Thank you Nov-09-2000 - Spanish language by Sebastián Herrera Thank you Aug-17-2000 - Croatian language added by Marko Gnjidic Thank you Turkish language by Fikret Can Thank you. Mar-01-2000 - Danish language added by Jon Kjaersgaard Thank you. Jan-31-2000 - French language updated by Olivier Rousselot Thank you. Jan-20-2000 - Slovenian Language added by Bojan Pogacar Thank you Dec-29-1999 - Bug fixed: compare passwords with special characeter dont match. Thanks to Tymoteusz Rogalewski Nov-29-1999 - Polish Language added by Tymoteusz Rogalewski Thank you. Oct-19-1999 - Dutch Language added by Michel van Deventer Thank you. Oct-14-1999 - Serbian Language added by Nenad Babajic Thank you. Aug-10-1999 - Simplified Chinese language added by Linjingshan Thank you. Changed: root password cannot be changed with chetcpasswd anymore. Implementation asked by Linjingshan Jul-29-1999 - Bug fixed: test only the first ip address in chetcpass.allow file Thanks to Carlos D. Benecioto Jun-16-1999 - Chinese-Big5 Language added by Vic Hou Thank you. May-05-1999 - Indonesian language added by Zaldy Thank you. Apr-06-1999 - Bulgarian language added by Jordan Kanev Thank you. Apr-06-1999 - bug fixed: get wrong userid with strstr, changed to strncmp. Thanks to Charles Edinaldo Vilaga Mar-03-1999 - French language added by Paul Delannoy Thank you. Feb-23-1999 - Virtal Host ENV added by Tony Marchese . You can use --enable-virtual=your virtual_config_file A virtual host ENV is well described at this site http://www.spade.com/linux/howto/Virtual-Services-HOWTO-3.html Thank you. Feb-11-1999 - Italian language added by Tony Marchese Thank you. Jan-28-1999 - Hungarian Language added by Domonkos Sandor Thank you. Aug-04-1998 - German language added by Markus Jdckle Thank you. May-14-1998 - configure script implemented. May-08-1998 - bug fixed: verification error on passwords with special characters. Thanks to Suwat Panitkullawat Apr-30-1998 - suggested: CANCEL button changed to CLEAR button. Thanks to Alp Apr-29-1998 - bug fixed: get wrong userid with strstr, added ":" to end of string. Thanks to Alp