Xubuntu 18.04 passwd file in etc displays passwd unencrypted
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
base-passwd (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
pam (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
shadow (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Hello,
I have a workshop where I provide mostly Ubuntu community editions in computers and help people coming with computers already setup with a *buntu version. A lady came to me as she couldn't master her computer, (there is someone in town who installs Ubuntu editions without teaching his clients how to deal with their machines).
She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently uses, especially as she doesn't know how to boot to the othe OS. :s
So I chrooted from a live to recreate her Xubuntu user passwd, and oh surprise! The /etc/passwd file was showing her password in plain text, unencrypted. (I could read it easily, it was her family name!).
I have not had the time to dig further, check other editions and versions exept the ones I use, however I think, as it has happend in the paste, the persons in charge should look into it and check all recent Ubuntu and community versions editions (if relevant).
Thanks for your work!
Best regards,
Mélodie
information type: | Private Security → Public Security |
Changed in base-passwd (Ubuntu): | |
status: | New → Incomplete |
Changed in pam (Ubuntu): | |
status: | New → Incomplete |
Changed in shadow (Ubuntu): | |
status: | New → Incomplete |
I've selected the most likely packages to be involved, based on a guess. Without knowing how the user attempted to set their password though, this is going to be pretty impossible to track down.
/etc/passwd hasn't had passwords stored in it by default for something like 25 years. My best guess at the moment is some vastly inappropriate tool was used somewhere along the way (with suspicion leaning towards web-based 'consoles').
If you can figure out how this happened (or better yet, tell us how to recreate it), please do report back and mark the bug New again.
Thanks