Welcome to SparkyLinux forums
Zapraszamy również na polsko-języczne Forum https://forum.linuxiarze.pl

calmares password weakness

Started by paxmark1, July 07, 2017, 07:39:41 AM

Previous topic - Next topic

paxmark1

I noticed this on another forum
https://forum.siduction.org/index.php?topic=6781.msg55115;topicseen#new

Which is based on
https://calamares.io/calamares-cve/

QuoteSystems installed by Calamares up to and including Calamares 3.1 have a weaker password salt than they should. This weakness is important if an attacker has a way to obtain the password hash. The Calamares team believes that installed systems should be as secure as possible, and therefore considers this weakness important.

If affected, well a new password might be useful.

QuoteMitigation

Users are advised to reset their password on installed systems by using passwd(1):
Search forum for "More info easier via inxi"    If requested -  no inxi, no help for you by  me.

pavroo

There are two other issues in the latest 4.6 iso images, just building and uploading 4.6.1 with Calamares 3.1.1
Nothing is easy as it looks. Danielle Steel

View the most recent posts on the forum