Slashdot Mirror


Root Password Readable in Clear Text with Ubuntu

BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects the 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."

19 of 520 comments

  1. Open source by L505 · · Score: 5, Funny

    What's the problem? Open source passwords make it more secure.

    1. Re:Open source by themoodykid · · Score: 3, Funny

      Yes, exactly. If someone screws up your system, somebody else will come along and fix it for you. The many eyes make all bugs shallow or something. Think of it as a Wiki-style OS security.

    2. Re:Open source by Anonymous Coward · · Score: 1, Funny

      At a press conference, when asked how the Ubuntu team felt about dealing a massive blow to the public image of open source software, a member of the team responded, "Oops, our bad," and proceeded to play an animation of a badger eating a penguin.

  2. The cyberpunk credo comes to mind... by Anonymous Coward · · Score: 5, Funny

    Information wants to be free

  3. windows by Chimera512 · · Score: 3, Funny

    see this is why i use windows. there are never security patches to install, just service packs which allow me to get new security features like windows firewall. nothing beats windows security, and there's that helpful blue screen to tell me if something's gone wrong.

  4. steenkin batchers by Anonymous Coward · · Score: 5, Funny

    Fuuuuck.

    I knew I never should have trusted those badgers.

    Smiling at me with their big cartoon teeth, eating up all the aspen, wanting to admin their own machines.

    I've been a sap, and it's going to cost me.

    And now I'm worried about the hedgehogs.

  5. Re:okay by MichaelSmith · · Score: 3, Funny

    A patch in 2 hours for a massive security hole in an OS, on a Sunday as mentioned earlier.

    Sunday is probably peak development time for free software.

  6. Open Password! by aurb · · Score: 5, Funny

    Contribute to Open Password community - release your passwords under the GPP (General Public Password) license! Because closed passwords are just series of * symbols - it's hard to use, share and modify them freely. :-)

    1. Re:Open Password! by AuMatar · · Score: 4, Funny

      But my root password really is ********. I mean really, who the hell is going to guess that?

      --
      I still have more fans than freaks. WTF is wrong with you people?
  7. Re:Saw this on Digg by Anonymous Coward · · Score: 1, Funny

    Although ironically how many people now have...


    grep -ir myrootpass /*

    ...in their .bash_history file from checking their own system for this mistake?

  8. UNIX mouse driver released by L505 · · Score: 1, Funny

    Click? Since when did UNIX have mice?

  9. Whew! by cciRRus · · Score: 2, Funny

    Good thing I'm using Windows.

    --
    w00t
  10. Re:MOD PARENT UP by optikSmoke · · Score: 2, Funny

    Where else am I supposed to store my passwords?

    /etc/motd?

    (Just in case...)

  11. Re:Solution by GigsVT · · Score: 2, Funny

    Let me guess, it runs grep -v yourPassword on the log file, which then gets entered into the bash history? :)

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  12. Re:Patch mirror by zcat_NZ · · Score: 2, Funny

    echo "Why would anyone leave their root password hardcoded in a bash script" ; exit 1

    --
    455fe10422ca29c4933f95052b792ab2
  13. Re:Choose strong obscure passwords by grahamlee · · Score: 5, Funny

    Hey, if we're thinking of the future, let's not use a fixed-width length field for the string at all! That way, we can never generate a string longer than the permitted length field. Let's just terminate the string by a known character sequence, and guarantee that that sequence doesn't appear in the string itself. We could use the \0 character as the terminator.

  14. Re:first rule by Vo0k · · Score: 3, Funny

    > So they call me as they need the password for the isp access, "penis",

    If you tried this on my system, it wouldn't work, it would say your password is too short.

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  15. troll by Anonymous Coward · · Score: 1, Funny

    Are those Ubuntu folks pretending to have users again?

  16. Re:Saw this on Digg by tolan-b · · Score: 2, Funny

    While I wouldn't quite put it as trollfully as you have, I would agree with you that it wouldn't be my first choice for a server OS. That'd probably be Debian stable.