[Touch-packages] [Bug 1767815] Re: Can use as a password

2018-05-02 Thread Marc Deslauriers
There is no CVE to assign, as there is no flaw here. As an administrator, you are requesting that the password be a space, and the system allows it since the administrator knows best. This is expected behaviour. If you don't want the password to be a space, enter an adequate password. -- You

[Touch-packages] [Bug 1767815] Re: Can use as a password

2018-05-01 Thread Dhiraj
Arrgh! I see however can we assign a CVE for this issue, I believe the issue still exists in the environment, I request for a CVE or please advise for same. Cheers! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in

[Touch-packages] [Bug 1767815] Re: Can use as a password

2018-05-01 Thread Seth Arnold
Hello Dhiraj, thanks for the report. The passwd utility assumes root knows best and allows root to set any password to anything no matter how poor. You can use the pam_cracklib(8) PAM module to enforce some minimum quality levels for your passwords when users set their own -- but of course