[Samba] Samba 2.2.5 Security Bug?

imed at gmx.ch imed at gmx.ch
Tue Oct 8 18:10:01 GMT 2002

Hi there,

> No password is different from the password "" (an empty password).
> "" is actually hashed as an empty string and is a valid password,
> NO PASSWORD is  treated differently.

That not very consistent! With SWAT it's not possible for the user user to
set an empty password, this is Unix like.

No password is just allowed for root, that's ok, because it's under root's
control. An empty password is possible for all user and this really bad,
because you don't have any control on the user passwords, even not in the smb.conf

In addition, with the old samba versions < 2.0 it wasn't possible even for
root to set an empty password!

Is there any cogent reason, why should "" (an empty password) now be a valid

Thanks for hints!



+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

More information about the samba mailing list