*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
I've came across the following post today and checked it out. To my
amazement I found it works. That leaves a huge security valnurability:
"HOWTO - reset a lost Ubuntu password
Boot Linux into single-user mode
1. Reboot the machine.
2. Press the ESC key while GRUB is loading to enter the menu.
3. If there is a 'recovery mode' option, select it and press 'b' to boot
into single user mode.
4. Otherwise, the default boot configuration should be selected. Press 'e'
to edit it.
5. Highlight the line that begins with 'kernel'. Press 'e' again to edit
this line.
6. At the end of the line, add an additional parameter: 'single'. Hit return
to make the change and press 'b' to boot.
Change the admin password
The system should load into single user mode and you'll be left at the command
line automatically logged in as root. Type 'passwd' to change the root password
or 'passwd someuser' to change the password for your "someuser" admin account.
Reboot
Once your done, give the three finger salute, or enter 'reboot' to restart into
your machine's normal configuration."
This allows you to change any password on a Linux box without knowing
any of the original passwords.
I hope this has already been addressed and there is a fix for it that I
don't seem to have.
** Affects: ubuntu
Importance: Undecided
Status: New
--
Changing passwords without asking for the original one
https://bugs.launchpad.net/bugs/267086
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
