[13502] in bugtraq
Re: Rh 6.1 initial root password encryption
daemon@ATHENA.MIT.EDU (Fabian Kroenner)
Sun Jan 23 17:40:00 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000122124251.A2074@spoiled.org>
Date: Sat, 22 Jan 2000 12:42:51 +0100
Reply-To: Fabian Kroenner <escher@SPOILED.ORG>
From: Fabian Kroenner <escher@SPOILED.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3887A0F9.7A53C698@optusnet.com.au>; from ken@OPTUSNET.COM.AU on
Fri, Jan 21, 2000 at 10:57:45AM +1100
On Fri, Jan 21, 2000 at 10:57:45AM +1100, Ken Barber wrote:
> The initial root password that is set in /etc/shadow by the Red Hat 6.1
> installation program is in crypt-style, not MD5. This occurs even if you
> have chosen MD5 encryption in the initial setup of RH.
Hi,
this has been reported to Red Hat Oct, 10th 1999.
The Bugzilla-ID is 5542 - see:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=5542
to find out more about the status of the bug.
I suspect that it does affect all (user) accouts created during
installation with the new anaconda-installer. If I recall correctly I
have observed this in the previous (Red Hat 6.0) installer as well.
Both ask for the root password, before setting the encryption-options.
I hope they modify the installer properly, since it cannot be 'fixed'
through a package update. Using passwd after install is the only way
to do it, correct me if I am wrong.
Regards...
Fabian Kroenner <escher@spoiled.org>
__________________________________________________________________
GnuPG Public Key available: http://www.spoiled.org/~escher/.pubkey
Key Fingerprint: 2311 6D40 FE1F 9D94 77AD 20CA 2F38 AD9E 19AB 6A00
