Calamares will let you set up a user account with no password
Bug #2016436 reported by
Aaron Rainbolt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
calamares-settings-ubuntu (Ubuntu) |
Fix Released
|
Critical
|
Aaron Rainbolt | ||
Jammy |
Fix Released
|
High
|
Erich Eickmeyer | ||
Lunar |
Fix Released
|
Critical
|
Aaron Rainbolt |
Bug Description
Steps to reproduce:
1. Boot the Lubuntu Lunar Final ISO.
2. Install Lubuntu, but when you are asked to provide initial user account details, leave the password blank.
3. Finish the installation.
Expected result: You should be unable to proceed past the user account creation screen until you provide a password.
Actual result: You can proceed through the installation process without providing a password. The resulting user account's password will be entirely blank, allowing you to log in by simply pressing "Enter" at the SDDM screen. sudo will also work if you simply press "Enter" when asked for your password.
tags: | added: lunar |
tags: | added: lubuntu ubuntustudio |
Changed in calamares-settings-ubuntu (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Critical |
assignee: | nobody → Aaron Rainbolt (arraybolt3) |
tags: | added: community-security |
information type: | Public → Public Security |
Changed in calamares-settings-ubuntu (Ubuntu Jammy): | |
status: | New → Confirmed |
importance: | Undecided → Critical |
Changed in calamares-settings-ubuntu (Ubuntu Jammy): | |
assignee: | nobody → Erich Eickmeyer (eeickmeyer) |
status: | Confirmed → In Progress |
importance: | Critical → High |
To post a comment you must log in.
Not sure if this is a bug or a feature as Linux in general will allow you to make an account with a blank password. Granted, for security reasons, it'd be really silly to so as the first user, but "stupid is as stupid does."