Bug 2213597

Summary: chpasswd does not use a unique salt per line entry
Product: [Fedora] Fedora
Reporter: Fedora Guru <alt.f9-fdg785n>
Component: shadow-utils
Assignee: Iker Pedrosa <ipedrosa>
Status: NEW ---
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: medium
Version: 38
CC: aboscatt, ipedrosa, jkucera, mitr, pvrabec, tm
Target Milestone: ---
Keywords: Security, Triaged
Target Release: ---
Hardware: x86_64
OS: Linux

Description Fedora Guru 2023-06-08 16:36:10 UTC
chpasswd does not generate a unique salt for each line of input, which means that the same password will result in the same hash. Kind of defeats the purpose.

[root@fedora38]# seq -f user%02g 10 | while read x; do useradd -m $x; done
[root@fedora38]# seq -f user%02g 10 | sed -e 's/.*/&:TestSecret1/' | chpasswd 
[root@fedora38]# grep user[0-9][0-9] /etc/shadow
user01:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user02:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user03:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user04:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user05:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user06:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user07:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user08:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user09:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::
user10:$y$j9T$qFRIpafBx.wKfP.K7Rx8s/$AD1RBpoDJPrdeD.yxVw5awqspL0kxUnUflIeuyUMJz6:19516:0:99999:7:::


Reproducible: Always

Steps to Reproduce:
1. Create multi-line input for chpasswd using different usernames and the same password
2. Observe that all the hashes are the same
3. If each line is instead fed to chpasswd in separate invocations, the hashes are different

Actual Results:
Actual results are seen above in Details.

Expected Results:  
Expected that each password, even if the same, have a unique hash output.

Should generate a separate salt for each line of input.
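
One way to audit a shadow file for the symptom reported above, as an added example that is not part of the original report or of shadow-utils: it groups accounts by the crypt(3) setting (scheme, parameters, salt) and flags any salt used by more than one account. The function names and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /etc/shadow format (placeholder salts and hashes).
SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
locked:!!:19000:0:99999:7:::
user01:$y$j9T$CONSTRUCTEDsalt0000001$CONSTRUCTEDhashAAAA:19516:0:99999:7:::
user02:$y$j9T$CONSTRUCTEDsalt0000001$CONSTRUCTEDhashAAAA:19516:0:99999:7:::
user03:$y$j9T$CONSTRUCTEDsalt0000001$CONSTRUCTEDhashBBBB:19516:0:99999:7:::
user04:$y$j9T$CONSTRUCTEDsalt0000002$CONSTRUCTEDhashCCCC:19516:0:99999:7:::
svc:$6$rounds=5000$CONSTRUCTEDsalt6$CONSTRUCTEDhashDDDD:19516:0:99999:7:::
"""

def salt_setting(field):
    """Return scheme+parameters+salt of a shadow password field, or None
    for locked-only, empty or non-modular entries."""
    field = field.lstrip("!")            # leading '!' marks a locked password
    if not field.startswith("$"):
        return None
    parts = field.split("$")
    if parts[1] in ("2a", "2b", "2y"):   # bcrypt fuses a 22-char salt to the hash
        if len(parts) != 4 or len(parts[3]) < 22:
            return None
        return "$".join(parts[:3]) + "$" + parts[3][:22]
    if len(parts) < 4:
        return None
    return "$".join(parts[:-1])          # everything before the final hash part

def find_shared_salts(shadow_text):
    """Return [(setting, users, identical_hash_groups)] for every salt that
    appears on more than one account."""
    by_salt = defaultdict(lambda: defaultdict(list))
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        setting = salt_setting(fields[1])
        if setting is not None:
            by_salt[setting][fields[1].lstrip("!")].append(fields[0])
    findings = []
    for setting, by_hash in by_salt.items():
        users = [u for group in by_hash.values() for u in group]
        if len(users) > 1:
            same = [g for g in by_hash.values() if len(g) > 1]
            findings.append((setting, users, same))
    return findings

if __name__ == "__main__":
    for setting, users, same in find_shared_salts(SAMPLE_SHADOW):
        print(f"salt reused: {setting} -> {users}; identical hashes: {same}")
```

Accounts listed under identical hashes share both salt and password; accounts that share only the salt have different passwords hashed with the same salt.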