Ubuntu
ubiquity package

Passwords instead of Full Names

Bug #123425 reported by Dainaccio
8
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
Fix Released
High
Evan

Bug Description

I was installing Gutsy in a new HD in my PC (not upgrading).
During the wizard I decided to import users from a Feisty in the same PC.
I selected the users, left empty the "full name" box and I filled the "password" box for everyone.
At the first execution of the OS I went to System-> Administration->Users and the list of the users showed in "plain text" the password in the column "full name".

Unlucky I deleted the OS and I can't try to repeat the procedure. Maybe someone should try to do the same to confirm the bug.

Revision history for this message
Kees Cook (kees) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

Revision history for this message
Pascal De Vuyst (pascal-devuyst) wrote :

This bug did not have a package associated with it, which is important for ensuring that it gets looked at by the proper developers. You can learn more about finding the right package at [WWW] https://wiki.ubuntu.com/Bugs/FindRightPackage. I have classified this bug as a bug in ubiquity.

Pascal De Vuyst (pascal-devuyst)
Changed in ubiquity:
importance: Undecided → High
Evan (ev)
Changed in ubiquity:
assignee: nobody → evand
status: New → Confirmed
Revision history for this message
Evan (ev) wrote :

This was a glaring error on my part in not quoting specific shell variables.
As mentioned this can only be trigged for users created by migration-assistant that do not have a full name set. It does *not* affect the default user (the one that can sudo) as the code to create that user is always handled by user-setup, regardless of whether or not the account information is gathered from migration-assistant. Any accounts that are affected by this will not be able to log in.

Changed in ubiquity:
status: Confirmed → Fix Committed
Revision history for this message
cablop (cablop) wrote :

Feisty desktop installer has the same bug. I think it is a security issue because it allow the steal of privacy data, in fact the password.

I think you must fix feisty isos too

Revision history for this message
Evan (ev) wrote : Re: Passwords intead of Full Names

migration-assistant (0.5.0) gutsy; urgency=low

  * Handle more than one installed copy of Windows (LP: #97081).
  * Error if unable to mount Linux partitions.
  * Bump installer-menu-item to 6400.
  * Close directories in ma-search-users.
  * Don't unmount devices when we can avoid having to.
  * Look for registry files case-insensitively.
  * Quote arguments to add_user (LP: #123425).
  * Use stat instead of the DT_ macros to avoid issues with fuse.
  * Add a debug log.

 -- Evan Dandrea <email address hidden> Tue, 31 Jul 2007 20:21:35 -0400

Changed in ubiquity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.