[Pkg-shadow-devel] Bug#396726: chpasswd does not update opasswd

Brian Ristuccia brian at ristuccia.com
Thu Nov 2 15:38:22 CET 2006


Package: passwd
Version: 1:4.0.3-31sarge5

When changing a password with chpasswd, the previous password hash is not
stored in /etc/security/opasswd. As a result, nothing prevents the user from
changing their password back to a previous (potentially compromised) value. 

-- 
Brian Ristuccia
brian at ristuccia.com
brianr at debian.org




More information about the Pkg-shadow-devel mailing list