Is there a different repository where I should submit this PR? On Thu, Mar 7, 2019 at 2:30 PM Dimitri John Ledkov <[email protected]> wrote:
> ** Tags added: rls-dd-incoming > > ** Changed in: system-config-kickstart (Ubuntu) > Assignee: (unassigned) => Canonical Foundations Team > (canonical-foundations) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1807479 > > Title: > Hashed passwords stored as MD5 hashes in /etc/shadow > > Status in system-config-kickstart package in Ubuntu: > New > > Bug description: > The root password (if specified) and initial user account password > (required) are encrypted using an (insecure) MD5 hash. The resulting > kickstart file will build virtual machines that store the MD5 hashed > password in /etc/shadow for the root and/or initial user. > > Currently Ubuntu uses SHA512 for storing hashed passwords in > /etc/shadow, but MD5 still works for the sake of backwards > compatibility. Using MD5 hashes for any passwords is highly insecure > and should be avoided. > > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or > System -> About Ubuntu > > $ lsb_release -rd > Description: Ubuntu 18.10 > Release: 18.10 > > 2) The version of the package you are using, via 'apt-cache policy > pkgname' or by checking in Software Center > > $ apt-cache policy system-config-kickstart > system-config-kickstart: > Installed: 2.5.20-0ubuntu25 > Candidate: 2.5.20-0ubuntu25 > Version table: > *** 2.5.20-0ubuntu25 500 > 500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 > Packages > 500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 > Packages > 100 /var/lib/dpkg/status > > > 3) What you expected to happen > > I expected system-config-kickstart to use SHA512 for storing hashed > passwords. (Hash starts with "$6$".) > > 4) What happened instead > > system-config-kickstart used MD5 for storing hashed passwords. (Hash > starts with "$1$".) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions > -- Earl Ruby http://earlruby.org/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
