Bug 1249672

Summary:	RHEL7 atomic and other cloud images using MD5 password hashing
Product:	[Other] Security Response	Reporter:	Adam Mariš <amaris>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	admiller, vpavlin
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-10-21 00:47:15 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1249675

Description Adam Mariš 2015-08-03 14:29:03 UTC

Colin Walters of Red Hat reported that cloud images including RHEL7 atomic cloud use MD5 for hashing the passwords.

Link to RT:
https://engineering.redhat.com/rt/Ticket/Display.html?id=364512&results=4fe06531482005289b2bd55008734d2c

Complete list of affected cloud images:
$ git grep -e --enablemd5
archive/cloud-engine-6.1.ks:auth --useshadow --enablemd5
archive/libra-express-6.0.ks:auth --useshadow --enablemd5
jbeap/jb-eap-5-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6.4.0-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6.4.0-rhel-6.6-ec2.ks:auth --useshadow --enablemd5
jbews/jb-ews-1-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbon/jb-on-server-rhel-5-ec2.ks:auth --useshadow --enablemd5
jbon/jb-on-server-rhel-6-ec2.ks:auth --useshadow --enablemd5
mrg/mrg-grid-2-rhel-5-ec2.ks:auth --useshadow --enablemd5
mrg/mrg-grid-2-rhel-6-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.10-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.11-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.5-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.6-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.7-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.8-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.9-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6-hwcert.ks:authconfig --enableshadow --enablemd5
rhel6/rhel-6.0-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.1-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.2-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.3-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.4-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.5-sap-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.5-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-sap-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-server-kvm.ks:auth --useshadow --enablemd5
rhel6/rhel-6.7-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.7-server-kvm.ks:auth --useshadow --enablemd5
rhel7/atomic-7.1-cloud.ks:auth --useshadow --enablemd5
rhel7/atomic-7.1-vagrant.ks:auth --useshadow --enablemd5
rhel7/rhel-7.1-docker-utility.ks:authconfig --enableshadow --enablemd5
rhel7/rhel-7.1-server-vagrant-kube.ks:authconfig --enableshadow --enablemd5
rhel7/rhel-7.1-server-vagrant.ks:authconfig --enableshadow --enablemd5
rhel7/rhel7-hyperv-utility.ks:authconfig --enableshadow --enablemd5
rhev/rhevm-3.5-rhel-6.6/rhevm-appliance.ks:auth --useshadow --enablemd5
rhev/rhevm-3.5-rhel-6.7/rhevm-appliance.ks:auth --useshadow --enablemd5
rhev/rhevm-3.6-rhel-6/rhevm-appliance.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-CDS.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-RHUA.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-STARTER.ks:auth --useshadow --enablemd5
rova/rova.ks:auth --enablemd5 --enableshadow
satellite/foreman-discovery-image.ks:auth --useshadow --enablemd5
storage/RHGS-3.1-ec2.ks:auth --useshadow --enablemd5
storage/RHS-2.0-ec2.ks:auth --useshadow --enablemd5
storage/RHS-2.1-ec2.ks:auth --useshadow --enablemd5
storage/RHS-3.0-ec2.ks:auth --useshadow --enablemd5