Bug 19256 - Useradd saves plain text passwords in shadow passsword file
Summary: Useradd saves plain text passwords in shadow passsword file
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils
Version: 7.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Dale Lovelace
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-10-17 14:46 UTC by Johnray Fuller
Modified: 2007-03-27 03:36 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-10-17 14:46:45 UTC
Embargoed:


Attachments (Terms of Use)

Description Johnray Fuller 2000-10-17 14:46:43 UTC
Hello,

Mark Wolfgang actuallty found this one,.

The bug occurs if the user uses this command to enter a new user's
password:

useradd newuser -p password

The password under this command is stored in plain text in the /etc/shadow
file. this of course prevents the user from logging in.

Take care,
Johnray

Comment 1 Nalin Dahyabhai 2000-10-17 16:16:41 UTC
As documented in the man page, the -p option expects an already-crypted
password.  Use
python -c 'import crypt;print crypt.crypt("password","salt")'
to generate a suitable value.  Use a salt of "$1$jrHrLTgH" or something similar
to get an md5crypt hash instead of a standard crypt hash.


Note You need to log in before you can comment on or make changes to this bug.