Opened 15 years ago
Closed 15 years ago
#3237 closed defect (invalid)
vb-install: getPasswordForExistingUser() is too simple
Reported by: | Ceri Davies | Owned by: | |
---|---|---|---|
Component: | installer | Version: | VirtualBox 2.1.2 |
Keywords: | Cc: | ||
Guest type: | other | Host type: | Solaris |
Description
On Solaris, and other OSs, one can choose from a number of different password hashes.
The function getPasswordForExistingUser() in the vb-install script has a number of problems in relation to this, as it essentially assumes a crypt(3) encrypted password:
a) It assumes a salt is two characters in length; b) it assumes that "openssl passwd" will result in the same hash.
Finally, it also puts the password (in my case, root's password!) on the command line of openssl for all to see.
Change History (2)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
No response, closing (still don't know which script you was talking about).
Note:
See TracTickets
for help on using tickets.
Excuse me, which vb-install script are you talking about?