Can use <space> as a password
Bug #1767815 reported by
Dhiraj
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| shadow (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Hi Team,
I am not sure about this, but thought of reporting tho!.
warmachine@ftw:~$ uname -a
Linux ftw 4.13.0-39-generic #44~16.04.1-Ubuntu SMP Thu Apr 5 16:43:10 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
However, while creating a user `sudo adduser test` I can keep only <space's> has my password for test user.
Could someone please look into this and advise me for same. I believe password must be robust or only <spaces> should not be allowed.
Thank you
DM
| affects: | launchpad → shadow (Ubuntu) |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in shadow (Ubuntu): | |
| status: | New → Won't Fix |
Revision history for this message
| Dhiraj (mishra-dhiraj95) wrote | #2 |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #3 |
To post a comment you must log in.
Hello Dhiraj, thanks for the report. The passwd utility assumes root knows best and allows root to set any password to anything no matter how poor.
You can use the pam_cracklib(8) PAM module to enforce some minimum quality levels for your passwords when users set their own -- but of course frustrated users may pick bad passwords this module doesn't know how to discover.
Thanks