I noticed this on another forum
https://forum.siduction.org/index.php?topic=6781.msg55115;topicseen#new
Which is based on
https://calamares.io/calamares-cve/
QuoteSystems installed by Calamares up to and including Calamares 3.1 have a weaker password salt than they should. This weakness is important if an attacker has a way to obtain the password hash. The Calamares team believes that installed systems should be as secure as possible, and therefore considers this weakness important.
If affected, well a new password might be useful.
QuoteMitigation
Users are advised to reset their password on installed systems by using passwd(1):
There are two other issues in the latest 4.6 iso images, just building and uploading 4.6.1 with Calamares 3.1.1