Vulnerability Development mailing list archives

Re: \'useradd -p\' problems.

From: Steve Mickeler <steve () neptune on ca>
Date: Tue, 28 Aug 2001 15:54:17 -0400 (EDT)

On Tue, 28 Aug 2001 joetesta () hushmail com wrote:

Hi --

    On my Trustix 1.2 box, I noticed that creating a user with 'useradd' and
the '-p' option (which gives the new user a default password) does not hash
the password in /etc/shadow:


did you happen to 'man useradd' before posting this ?

       -p passwd
              The  encrypted password, as returned by crypt(3).  The
default is to disable the account.

"man crypt" would be your next adventure.

This bug doesn't seem exploitible for two reasons:


Thats because its not a bug.


Todays root password is brought to you by /dev/random

.-------------------------------------.
| Steve Mickeler * Network Operations |
+-------------------------------------+
|     Neptune Internet Services       |
`-------------------------------------'

1024D/ACB58D4F = 0227 164B D680 9E13 9168  AE28 843F 57D7 ACB5 8D4F

Current thread:

\'useradd -p\' problems. joetesta (Aug 28)
- Re: \'useradd -p\' problems. Steve Mickeler (Aug 28)
- Re: \'useradd -p\' problems. Gordon Messmer (Aug 28)
- Re: \'useradd -p\' problems. Blue Boar (Aug 28)
  - Re: \'useradd -p\' problems. Blue Boar (Aug 28)