*** This bug is a security vulnerability ***
Public security bug reported:
users-admin ignores the setting in sudoers, where I have configured to
use the 'target-password' instead of insecure 'user-password'. Here the
line in 'sudoers:
Defaults !lecture,tty_tickets,!fqdn,targetpw,timestamp_timeout = 0
This definitely is a severe security issue, because it is absolutely useless to
ask a user a second time for his password to gain administrative rights (he
already logged in with the same PW).
I set up a genguine root-account, so I can use a simple password to comfortably
log-in as a user, while the root-account is protected by a strong password.
This password should be used to gain administrative rights!
** Affects: ubuntu
Importance: Undecided
Status: New
** Visibility changed to: Public
--
users-admin ignores setting in /etc/sudoers
https://bugs.launchpad.net/bugs/196491
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
