First Last Prev Next    This bug is not in your last search results.
Bug 19256 - Useradd saves plain text passwords in shadow passsword file
Useradd saves plain text passwords in shadow passsword file
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils (Show other bugs)
7.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Dale Lovelace
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-17 10:46 EDT by Johnray Fuller
Modified: 2007-03-26 23:36 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-17 10:46:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Johnray Fuller 2000-10-17 10:46:43 EDT 
Hello,

Mark Wolfgang actuallty found this one,.

The bug occurs if the user uses this command to enter a new user's
password:

useradd newuser -p password

The password under this command is stored in plain text in the /etc/shadow
file. this of course prevents the user from logging in.

Take care,
Johnray
Comment 1 Nalin Dahyabhai 2000-10-17 12:16:41 EDT 
As documented in the man page, the -p option expects an already-crypted
password.  Use
python -c 'import crypt;print crypt.crypt("password","salt")'
to generate a suitable value.  Use a salt of "$1$jrHrLTgH" or something similar
to get an md5crypt hash instead of a standard crypt hash.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.