[Pkg-shadow-devel] Bug#396726: chpasswd does not update opasswd

[Brian Ristuccia]

Package: passwd
Version: 1:4.0.3-31sarge5

When changing a password with chpasswd, the previous password hash is not
stored in /etc/security/opasswd. As a result, nothing prevents the user from
changing their password back to a previous (potentially compromised) value. 

-- 
Brian Ristuccia
brian at ristuccia.com
brianr at debian.org