[Touch-packages] [Bug 1851300] Re: Xubuntu 18.04 passwd file in etc displays passwd unencrypted
[Expired for shadow (Ubuntu) because there has been no activity for 60 days.] ** Changed in: shadow (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/1851300 Title: Xubuntu 18.04 passwd file in etc displays passwd unencrypted Status in base-passwd package in Ubuntu: Invalid Status in pam package in Ubuntu: Expired Status in shadow package in Ubuntu: Expired Bug description: Hello, I have a workshop where I provide mostly Ubuntu community editions in computers and help people coming with computers already setup with a *buntu version. A lady came to me as she couldn't master her computer, (there is someone in town who installs Ubuntu editions without teaching his clients how to deal with their machines). She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently uses, especially as she doesn't know how to boot to the othe OS. :s So I chrooted from a live to recreate her Xubuntu user passwd, and oh surprise! The /etc/passwd file was showing her password in plain text, unencrypted. (I could read it easily, it was her family name!). I have not had the time to dig further, check other editions and versions exept the ones I use, however I think, as it has happend in the paste, the persons in charge should look into it and check all recent Ubuntu and community versions editions (if relevant). Thanks for your work! Best regards, Mélodie To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1851300/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1851300] Re: Xubuntu 18.04 passwd file in etc displays passwd unencrypted
[Expired for pam (Ubuntu) because there has been no activity for 60 days.] ** Changed in: pam (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/1851300 Title: Xubuntu 18.04 passwd file in etc displays passwd unencrypted Status in base-passwd package in Ubuntu: Invalid Status in pam package in Ubuntu: Expired Status in shadow package in Ubuntu: Expired Bug description: Hello, I have a workshop where I provide mostly Ubuntu community editions in computers and help people coming with computers already setup with a *buntu version. A lady came to me as she couldn't master her computer, (there is someone in town who installs Ubuntu editions without teaching his clients how to deal with their machines). She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently uses, especially as she doesn't know how to boot to the othe OS. :s So I chrooted from a live to recreate her Xubuntu user passwd, and oh surprise! The /etc/passwd file was showing her password in plain text, unencrypted. (I could read it easily, it was her family name!). I have not had the time to dig further, check other editions and versions exept the ones I use, however I think, as it has happend in the paste, the persons in charge should look into it and check all recent Ubuntu and community versions editions (if relevant). Thanks for your work! Best regards, Mélodie To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1851300/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1851300] Re: Xubuntu 18.04 passwd file in etc displays passwd unencrypted
This is certainly nothing to do with base-passwd: while it populates initial system accounts in /etc/passwd, it doesn't deal with managing entries there that correspond to user accounts. ** Changed in: base-passwd (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/1851300 Title: Xubuntu 18.04 passwd file in etc displays passwd unencrypted Status in base-passwd package in Ubuntu: Invalid Status in pam package in Ubuntu: Incomplete Status in shadow package in Ubuntu: Incomplete Bug description: Hello, I have a workshop where I provide mostly Ubuntu community editions in computers and help people coming with computers already setup with a *buntu version. A lady came to me as she couldn't master her computer, (there is someone in town who installs Ubuntu editions without teaching his clients how to deal with their machines). She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently uses, especially as she doesn't know how to boot to the othe OS. :s So I chrooted from a live to recreate her Xubuntu user passwd, and oh surprise! The /etc/passwd file was showing her password in plain text, unencrypted. (I could read it easily, it was her family name!). I have not had the time to dig further, check other editions and versions exept the ones I use, however I think, as it has happend in the paste, the persons in charge should look into it and check all recent Ubuntu and community versions editions (if relevant). Thanks for your work! Best regards, Mélodie To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1851300/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1851300] Re: Xubuntu 18.04 passwd file in etc displays passwd unencrypted
I've selected the most likely packages to be involved, based on a guess. Without knowing how the user attempted to set their password though, this is going to be pretty impossible to track down. /etc/passwd hasn't had passwords stored in it by default for something like 25 years. My best guess at the moment is some vastly inappropriate tool was used somewhere along the way (with suspicion leaning towards web-based 'consoles'). If you can figure out how this happened (or better yet, tell us how to recreate it), please do report back and mark the bug New again. Thanks ** Information type changed from Private Security to Public Security ** Also affects: pam (Ubuntu) Importance: Undecided Status: New ** Also affects: shadow (Ubuntu) Importance: Undecided Status: New ** Changed in: base-passwd (Ubuntu) Status: New => Incomplete ** Changed in: pam (Ubuntu) Status: New => Incomplete ** Changed in: shadow (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/1851300 Title: Xubuntu 18.04 passwd file in etc displays passwd unencrypted Status in base-passwd package in Ubuntu: Incomplete Status in pam package in Ubuntu: Incomplete Status in shadow package in Ubuntu: Incomplete Bug description: Hello, I have a workshop where I provide mostly Ubuntu community editions in computers and help people coming with computers already setup with a *buntu version. A lady came to me as she couldn't master her computer, (there is someone in town who installs Ubuntu editions without teaching his clients how to deal with their machines). She has an Ubuntu Xfce (Xubuntu) 18.04.x which is what she currently uses, especially as she doesn't know how to boot to the othe OS. :s So I chrooted from a live to recreate her Xubuntu user passwd, and oh surprise! The /etc/passwd file was showing her password in plain text, unencrypted. (I could read it easily, it was her family name!). I have not had the time to dig further, check other editions and versions exept the ones I use, however I think, as it has happend in the paste, the persons in charge should look into it and check all recent Ubuntu and community versions editions (if relevant). Thanks for your work! Best regards, Mélodie To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1851300/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp