peerchemist / Peerbox

DEPRECATED
GNU General Public License v3.0

Root password enabled by default and is weak #15

Closed Thireus closed 9 years ago

Thireus commented 9 years ago

Peerbox is deployed with a default password for "root", which is "root".

# head -n1 /etc/shadow
root:$6$uemJowkh$c1eVmV2AWCjKR2E6sXBdAy/hR6YsoE683t.hnxBV9Vut5b63V5ksLHjvxqGTnr/YCDiZ6YpSz/qPSjEOxcyBc1:16254::::::

Which can be cracked:

$6$uemJowkh$c1eVmV2AWCjKR2E6sXBdAy/hR6YsoE683t.hnxBV9Vut5b63V5ksLHjvxqGTnr/YCDiZ6YpSz/qPSjEOxcyBc1:root

The user "sunny" is already deployed on Peerbox and is in the sudoers list. There shouldn't be any passwords enabled for the user "root". Please remove.

peerchemist commented 9 years ago

fixed by https://github.com/peerchemist/Peerbox/commit/909b4cce104b2b6774e8e1933cb510a4e9869d0b
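
An added example, not part of the issue thread or the Peerbox code: a shell check that an image build could run to confirm root has no usable password hash in a shadow file, which is the condition the issue asks for. The function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field (field 2) of a shadow(5) entry.
#   empty               -> account needs no password at all
#   starts with ! or *  -> locked (e.g. after `passwd -l root`), no password login
#   anything else       -> a usable hash, so password login works

shadow_password_state() {
    # $1 = account name, $2 = shadow file to inspect (defaults to /etc/shadow)
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "usable"
            exit
        }
        END { if (!found) print "missing" }
    ' "${2:-/etc/shadow}"
}

root_login_disabled() {
    # Succeeds only when root exists and its password field is locked.
    # "empty", "usable" and "missing" all count as a failed check.
    state=$(shadow_password_state root "$1")
    [ "$state" = "locked" ]
}

# Constructed sample input (placeholder hashes, not real ones): root carries
# a hash as reported in the issue, sunny has a password, daemon is locked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$CONSTRUCTED$placeholderhashforroot:16254::::::
sunny:$6$CONSTRUCTED$placeholderhashforsunny:16254:0:99999:7:::
daemon:*:16254::::::
EOF

for u in root sunny daemon; do
    printf '%s: %s\n' "$u" "$(shadow_password_state "$u" "$sample")"
done

if root_login_disabled "$sample"; then
    echo "OK: root password login is disabled"
else
    echo "FAIL: root still has a usable or empty password field"
fi
rm -f "$sample"
```

Pointing the functions at the shadow file inside a mounted image, rather than the build host's /etc/shadow, checks the image that will actually ship.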