[clug] Root password readable in clear in Ubuntu 5.10
Michael Bennett
mib at homemail.com.au
Mon Mar 13 12:01:37 GMT 2006
Hi
I don't know if everybody has seen this yet but people might be very
interested in this.
You can find details at
https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
or read below:
The root password from the first user registred by Breezy can be found
by any user by reading the file /var/log/installer/cdebconf/questions.dat
a quick
grep -r rootpassword /var
shows that the rootpassword is forgotten in cleartext by the installer
on several occations
/var/log/installer/cdebconf/questions.dat:Value: mypasswd
/var/log/installer/cdebconf/questions.dat:Value: mypasswd
/var/log/debian-installer/cdebconf/questions.dat:Value: mypasswd
/var/log/debian-installer/cdebconf/questions.dat:Value: mypasswd
Seeya
Michael.
More information about the linux
mailing list