[Pkg-shadow-devel] Bug#396726: chpasswd does not update opasswd
Brian Ristuccia
brian at ristuccia.com
Thu Nov 2 15:38:22 CET 2006
Package: passwd
Version: 1:4.0.3-31sarge5
When changing a password with chpasswd, the previous password hash is not
stored in /etc/security/opasswd. As a result, nothing prevents the user from
changing their password back to a previous (potentially compromised) value.
--
Brian Ristuccia
brian at ristuccia.com
brianr at debian.org
More information about the Pkg-shadow-devel
mailing list