Ticket #3237 (closed defect: invalid)

Opened 9 years ago

Last modified 9 years ago

vb-install: getPasswordForExistingUser() is too simple

Reported by: ceri Owned by:
Priority: major Component: installer
Version: VirtualBox 2.1.2 Keywords:
Cc: Guest type: other
Host type: Solaris


On Solaris, and other OSs, one can choose from a number of different password hashes.

The function getPasswordForExistingUser() in the vb-install script has a number of problems in relation to this, as it essentially assumes a crypt(3) encrypted password:

a) It assumes a salt is two characters in length; b) it assumes that "openssl passwd" will result in the same hash.

Finally, it also puts the password (in my case, root's password!) on the command line of openssl for all to see.

Change History

comment:1 Changed 9 years ago by frank

Excuse me, which vb-install script are you talking about?

comment:2 Changed 9 years ago by frank

  • Status changed from new to closed
  • Resolution set to invalid

No response, closing (still don't know which script you was talking about).

Note: See TracTickets for help on using tickets.
ContactPrivacy policyTerms of Use