Bugtraq mailing list archives

Re: Rh 6.1 initial root password encryption

From: escher () SPOILED ORG (Fabian Kroenner)
Date: Sat, 22 Jan 2000 12:42:51 +0100


On Fri, Jan 21, 2000 at 10:57:45AM +1100, Ken Barber wrote:

The initial root password that is set in /etc/shadow by the Red Hat 6.1
installation program is in crypt-style, not MD5. This occurs even if you
have chosen MD5 encryption in the initial setup of RH.


Hi,

this has been reported to Red Hat Oct, 10th 1999.

The Bugzilla-ID is 5542 - see:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=5542
to find out more about the status of the bug.

I suspect that it does affect all (user) accouts created during
installation with the new anaconda-installer. If I recall correctly I
have observed this in the previous (Red Hat 6.0) installer as well.
Both ask for the root password, before setting the encryption-options.

I hope they modify the installer properly, since it cannot be 'fixed'
through a package update. Using passwd after install is the only way
to do it, correct me if I am wrong.

Regards...
Fabian Kroenner <escher () spoiled org>
__________________________________________________________________
GnuPG Public Key available: http://www.spoiled.org/~escher/.pubkey
Key Fingerprint: 2311 6D40 FE1F 9D94 77AD 20CA 2F38 AD9E 19AB 6A00

Current thread:

Re: Altavista Free Internet Security, (continued)
- - - Re: Altavista Free Internet Security Bill (Jan 17)
    - Trusted process on an untrusted machine? Mike Frantzen (Jan 18)
    - Re: Trusted process on an untrusted machine? Pavel Machek (Jan 19)
    - Re: Trusted process on an untrusted machine? Mike Frantzen (Jan 19)
    - Re: Trusted process on an untrusted machine? Pavel Machek (Jan 20)
    - Re: Trusted process on an untrusted machine? Tim Newsham (Jan 19)
    - Re: Trusted process on an untrusted machine? Anonymous Anonymous (Jan 19)
    - Re: Trusted process on an untrusted machine? Crispin Cowan (Jan 19)
    - Crafted Packets Handling by Firewalls - FW-1 case Ofir Arkin (Jan 19)
    - Rh 6.1 initial root password encryption Ken Barber (Jan 20)
    - Re: Rh 6.1 initial root password encryption Fabian Kroenner (Jan 22)
    - Re: Crafted Packets Handling by Firewalls - FW-1 case Darren Reed (Jan 20)
    - Microsoft Security Bulletin (MS00-005) Microsoft Product Security (Jan 17)
    - Re: Microsoft Security Bulletin (MS00-005) bugtraq () NS DOOMSDAY COM (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Matt Davis (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Tabor J. Wells (Jan 19)
    - Unixware ppptalk what's your style? (Jan 19)
    - Re: Unixware ppptalk Andrew Malcolm (Jan 21)
    - Re: IIS still revealing paths for web directories Henrik Nordstrom (Jan 15)
    - Re: IIS still revealing paths for web directories Antonio Ropero (Jan 15)
    - Re: IIS still revealing paths for web directories Chris Tobkin (Jan 18)

(Thread continues...)