I've selected the most likely packages to be involved, based on a guess.
Without knowing how the user attempted to set their password though,
this is going to be pretty impossible to track down.
/etc/passwd hasn't had passwords stored in it by default for something
like 25 years. My best guess at the moment is some vastly inappropriate
tool was used somewhere along the way (with suspicion leaning towards
web-based 'consoles').
If you can figure out how this happened (or better yet, tell us how to
recreate it), please do report back and mark the bug New again.
Thanks
** Information type changed from Private Security to Public Security
** Also affects: pam (Ubuntu)
Importance: Undecided
Status: New
** Also affects: shadow (Ubuntu)
Importance: Undecided
Status: New
** Changed in: base-passwd (Ubuntu)
Status: New => Incomplete
** Changed in: pam (Ubuntu)
Status: New => Incomplete
** Changed in: shadow (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-passwd in Ubuntu.
https://bugs.launchpad.net/bugs/1851300
Title:
Xubuntu 18.04 passwd file in etc displays passwd unencrypted
Status in base-passwd package in Ubuntu:
Incomplete
Status in pam package in Ubuntu:
Incomplete
Status in shadow package in Ubuntu:
Incomplete
Bug description:
Hello,
I have a workshop where I provide mostly Ubuntu community editions in
computers and help people coming with computers already setup with a
*buntu version. A lady came to me as she couldn't master her computer,
(there is someone in town who installs Ubuntu editions without
teaching his clients how to deal with their machines).
She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently
uses, especially as she doesn't know how to boot to the othe OS. :s
So I chrooted from a live to recreate her Xubuntu user passwd, and oh
surprise! The /etc/passwd file was showing her password in plain text,
unencrypted. (I could read it easily, it was her family name!).
I have not had the time to dig further, check other editions and
versions exept the ones I use, however I think, as it has happend in
the paste, the persons in charge should look into it and check all
recent Ubuntu and community versions editions (if relevant).
Thanks for your work!
Best regards,
Mélodie
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1851300/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
