search for: 123456789ofgjdfuh

Hi, I've found a bug/problem with my centos 5.5 server. Any users who have a password of 9 characters or more, only the first 9 characters are used by the OS... eg. i set my password to "123456789" and i try logon via ssh with password "123456789ofgjdfuh" - it lets me in. and if i set my password to "qwertasdfGHJB" and i enter "qwertasdfSDWQWSDS" - it lets me in... The 'passwd' command only recognises the first 9 characters too... Has anyone seen this before, or know how to fix it? I feel its a major security ris...