This is a security hole as sysadmins could view users failed passwords and guess at their real passwords and use it to potentially log into other services. This bug was mitigated by the fact that the badpassowrd table gets purged and only holds a couple of days worth of bad password. This will be accompanied by setting the password field on the badpassword table to “”.
This is a security hole as sysadmins could view users failed passwords and guess at their real passwords and use it to potentially log into other services. This bug was mitigated by the fact that the badpassowrd table gets purged and only holds a couple of days worth of bad password. This will be accompanied by setting the password field on the badpassword table to “”.