Ticket #3237 (closed defect: invalid)
vb-install: getPasswordForExistingUser() is too simple
Reported by: ceri | Owned by:
On Solaris, and other OSs, one can choose from a number of different password hashes.
The function getPasswordForExistingUser() in the vb-install script has a number of problems in relation to this, as it essentially assumes a crypt(3) encrypted password:
a) It assumes a salt is two characters in length;
b) it assumes that "openssl passwd" will result in the same hash.
Finally, it also puts the password (in my case, root's password!) on the command line of openssl for all to see.
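
The following is an added example, not code from vb-install or from the ticket: it reads the scheme and salt out of the stored hash instead of assuming a two-character salt, refuses schemes that "openssl passwd" cannot reproduce, and feeds the candidate password on stdin rather than in argv. The function names are hypothetical, and the -5/-6 options assume OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added illustration; not code from vb-install. Function names are hypothetical.

# Print "<scheme> <salt>" for a shadow-style password field.
# Returns 1 if the field holds no hash, 2 if the format is not handled here.
parse_shadow_hash() {
    field=$1
    case $field in
        ''|NP|'*'*|'!'*) return 1 ;;          # empty, no-password or locked
        '$'[156]'$rounds='*) return 2 ;;      # custom round count: not handled
        '$'[156]'$'*'$'*)                     # $id$salt$hash
            id=${field#?}; id=${id%%\$*}
            rest=${field#\$"$id"\$}
            printf '%s %s\n' "$id" "${rest%%\$*}" ;;
        '$'*) return 2 ;;                     # other $id$ schemes, e.g. $2a$ or $md5$
        *[!./0-9A-Za-z]*) return 2 ;;         # not a crypt(3) alphabet string
        *)  # traditional crypt(3): 13 characters, the first two are the salt
            [ "${#field}" -eq 13 ] || return 2
            printf 'crypt %s\n' "${field%"${field#??}"}" ;;
    esac
}

# Compare a candidate password, read from stdin, with the stored field.
# Returns 0 on match, 1 on mismatch, 2 when openssl cannot reproduce the scheme.
verify_password() {
    parsed=$(parse_shadow_hash "$1") || return 2
    scheme=${parsed%% *}
    salt=${parsed#* }
    case $scheme in
        1|5|6) ;;          # MD5-crypt, SHA-256-crypt, SHA-512-crypt
        *) return 2 ;;     # anything else needs the system's own crypt(3)
    esac
    # -stdin keeps the password out of the process argument list.
    computed=$(openssl passwd -"$scheme" -salt "$salt" -stdin) || return 2
    [ "$computed" = "$1" ]
}
```

A caller would pipe the password in, for example from a variable with the shell's built-in printf, and treat return code 2 as "cannot check with openssl" rather than as a mismatch.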