Bug 1249672 - RHEL7 atomic and other cloud images using MD5 password hashing
Summary: RHEL7 atomic and other cloud images using MD5 password hashing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1249675
TreeView+ depends on / blocked
 
Reported: 2015-08-03 14:29 UTC by Adam Mariš
Modified: 2021-10-21 00:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 00:47:15 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2015-08-03 14:29:03 UTC 
Colin Walters of Red Hat reported that cloud images including RHEL7 atomic cloud use MD5 for hashing the passwords.

Link to RT:
https://engineering.redhat.com/rt/Ticket/Display.html?id=364512&results=4fe06531482005289b2bd55008734d2c

Complete list of affected cloud images:
$ git grep -e --enablemd5
archive/cloud-engine-6.1.ks:auth --useshadow --enablemd5
archive/libra-express-6.0.ks:auth --useshadow --enablemd5
jbeap/jb-eap-5-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6.4.0-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbeap/jb-eap-6.4.0-rhel-6.6-ec2.ks:auth --useshadow --enablemd5
jbews/jb-ews-1-rhel-6-ec2.ks:auth --useshadow --enablemd5
jbon/jb-on-server-rhel-5-ec2.ks:auth --useshadow --enablemd5
jbon/jb-on-server-rhel-6-ec2.ks:auth --useshadow --enablemd5
mrg/mrg-grid-2-rhel-5-ec2.ks:auth --useshadow --enablemd5
mrg/mrg-grid-2-rhel-6-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.10-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.11-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.5-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.6-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.7-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.8-server-ec2.ks:auth --useshadow --enablemd5
rhel5/rhel-5.9-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6-hwcert.ks:authconfig --enableshadow --enablemd5
rhel6/rhel-6.0-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.1-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.2-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.3-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.4-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.5-sap-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.5-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-sap-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.6-server-kvm.ks:auth --useshadow --enablemd5
rhel6/rhel-6.7-server-ec2.ks:auth --useshadow --enablemd5
rhel6/rhel-6.7-server-kvm.ks:auth --useshadow --enablemd5
rhel7/atomic-7.1-cloud.ks:auth --useshadow --enablemd5
rhel7/atomic-7.1-vagrant.ks:auth --useshadow --enablemd5
rhel7/rhel-7.1-docker-utility.ks:authconfig --enableshadow --enablemd5
rhel7/rhel-7.1-server-vagrant-kube.ks:authconfig --enableshadow --enablemd5
rhel7/rhel-7.1-server-vagrant.ks:authconfig --enableshadow --enablemd5
rhel7/rhel7-hyperv-utility.ks:authconfig --enableshadow --enablemd5
rhev/rhevm-3.5-rhel-6.6/rhevm-appliance.ks:auth --useshadow --enablemd5
rhev/rhevm-3.5-rhel-6.7/rhevm-appliance.ks:auth --useshadow --enablemd5
rhev/rhevm-3.6-rhel-6/rhevm-appliance.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-CDS.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-RHUA.ks:auth --useshadow --enablemd5
rhui/rhel5-x86_64-AMAZON-STARTER.ks:auth --useshadow --enablemd5
rova/rova.ks:auth --enablemd5 --enableshadow
satellite/foreman-discovery-image.ks:auth --useshadow --enablemd5
storage/RHGS-3.1-ec2.ks:auth --useshadow --enablemd5
storage/RHS-2.0-ec2.ks:auth --useshadow --enablemd5
storage/RHS-2.1-ec2.ks:auth --useshadow --enablemd5
storage/RHS-3.0-ec2.ks:auth --useshadow --enablemd5
Note You need to log in before you can comment on or make changes to this bug.