[TriLUG] Ubuntu - great security - you'll love this
Magnus
stinkfart at gmail.com
Mon Mar 13 07:04:06 EST 2006
https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
The root password from the first user registred by Breezy can be found by
any user by reading the file /var/log/installer/cdebconf/questions.dat
a quick
grep -r rootpassword /var
shows that the rootpassword is forgotten in cleartext by the installer on
several occations
/var/log/installer/cdebconf/questions.dat:Value: mypasswd
/var/log/installer/cdebconf/questions.dat:Value: mypasswd
/var/log/debian-installer/cdebconf/questions.dat:Value: mypasswd
/var/log/debian-installer/cdebconf/questions.dat:Value: mypasswd
--
"The accumulation of all powers, legislative, executive, and judiciary, in
the same hands…may justly be pronounced the very definition of tyranny."
—James Madison, Federalist Paper No. 47
More information about the TriLUG
mailing list