Red Hat Bugzilla – Bug 219187
A truncated md5 password in /etc/shadow is still valid.
Last modified: 2015-01-07 19:15:18 EST
Truncated md5 passwords in /etc/shadow are still considered valid. Only the
beginning is compared, so a significantly truncated password can cause a huge
number of passwords to be valid.
Set root's shadow line to this:
Now try to log in as root using su or ssh. At least the following passwords work:
Truncating the MD5 passwords in /etc/shadow could happen only by accident
(broken script run by admin or so).
So I don't think it is too serious a problem.
This bug should not be called a security flaw.
While it appears it could have a security context, this really shouldn't. No
known good tools will cause this condition to happen, which means that an admin
must run a third party tool over the shadow file, and apparently one that
produces untrusted data. If an admin has a process producing untrustworthy
output that will be copied into the shadow file, there are other serious
problems, not just this. md5 is known to be flawed in many ways, this is simply
one of them.
Created attachment 143326
This is a proposed patch to fix the problem.
Bug 207387 gives a good example why a person might need to develop their own
tools to edit /etc/passwd and /etc/shadow, or edit manually.
As an actual security issue, an attacker who already has root can modify a
user's password so that the original password still works, but also some
additional ones. If a lot of effort has been taken to lock a system down, an
attacker might find this to be the most viable method of preserving remote
access. Since pwck doesn't complain, it could easily be missed even though the
admin thinks he is checking for this kind of thing.
"This bug should not be called a security flaw."
su and sshd don't care too much about truncated passwords, and accept a
password potentially very different from the intended password. That isn't a
So while the source of the problem is exceedingly rare and controlled, the
resulting hole is undetectable (pwck ***never*** complains) and wide enough to
make a system insecure. (Unless having multiple passwords for root isn't a
If you're using md5 passwords, root has multiple passwords. It's the nature of
md5 passwords. They're known to be weak against collision attacks. If you're
worried about anything being able to accept a password which is different than
the intended one, don't use MD5 password hashes.
I can be convinced that this should be considered a security flaw, but these
current arguments are stretches. This bug simply highlights the inherent
weakness of MD5 and why it should not be used.
If MD5 has inherent weaknesses that mean it should never be used, will we be
offered a more secure password hash?
Not that the choice of hash is in any way relevant to this bug. (except that the
comments surrounding it indicate that it was introduced due to the requirement
to support multiple hashes).
The inherent weaknesses of MD5 are not critical in case of password hashes. The
problem with this bug is that truncating the MD5 password enlarges the weakness
by many orders of magnitude.
However that doesn't change anything on the evaluation of this problem - it is
not a security flaw because it doesn't give any advantage to an attacker on a
system which is not broken by admin action first.
Also an attacker who already has root can do just anything on your system so
this is not a situation we can guard against.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
QE ack for RHEL4.5.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
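
The thread notes that pwck never complains about a truncated MD5 entry. The check below is an added example, not part of the bug report or of the attached patch: it flags shadow entries whose $1$ digest is shorter than the 22 characters md5crypt produces. The function names and the sample shadow text are constructed for illustration; it assumes the usual $1$<salt>$<digest> layout with an optional "!" or "!!" lock prefix.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) base64 alphabet
# md5crypt field: $1$ + salt (up to 8 chars) + $ + digest (exactly 22 chars)
MD5CRYPT = re.compile(rf"\$1\$[^$:]{{0,8}}\$({B64}{{22}})")
LOCK_PREFIX = re.compile(r"^!{1,2}")  # lock markers placed before the hash

# Constructed sample, not real hashes: the digest is a run of 'x' placeholders.
FULL = "$1$saltsalt$" + "x" * 22
SAMPLE = "\n".join([
    f"root:{FULL[:-9]}:13000:0:99999:7:::",   # digest cut to 13 chars
    f"alice:{FULL}:13000:0:99999:7:::",       # intact
    f"bob:!!{FULL}:13000:0:99999:7:::",       # locked but intact
    "carol:!!:13000:0:99999:7:::",            # no password set
])


def check_field(field):
    """Return None if the password field looks sane, else a reason string."""
    body = LOCK_PREFIX.sub("", field)
    if not body.startswith("$1$"):
        return None  # other scheme, empty or "*": outside this check
    if MD5CRYPT.fullmatch(body):
        return None
    parts = body.split("$")  # ['', '1', salt, digest]
    digest = parts[3] if len(parts) == 4 else None
    if digest is not None and len(digest) < 22 and re.fullmatch(f"{B64}*", digest):
        return f"truncated md5crypt digest ({len(digest)} of 22 chars)"
    return "malformed md5crypt field"


def audit_shadow(text):
    """Return (line_number, user, reason) for every suspicious entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split(":")
        if len(cols) < 2:
            continue  # not a shadow record
        reason = check_field(cols[1])
        if reason:
            findings.append((n, cols[0], reason))
    return findings


if __name__ == "__main__":
    for n, user, reason in audit_shadow(SAMPLE):
        print(f"line {n}: {user}: {reason}")
```

To audit a live system, pass the contents of /etc/shadow (read as root) to audit_shadow instead of SAMPLE.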