Page MenuHomeSolus

gnome-system-tools: Adding/Removing user privileges with "User and Groups"->"Advanced Settings" app sets user's password to empty!
Open, HighPublic

Description

Steps to reproduce:

  1. login in a tty to verify your password work fine.
  2. Open "User and Groups" app, go to Advanced Settings and add some privilege to your user.
  3. login to a new tty and see that your password doesn't work. Try with empty password and see that it works.
  4. run passwd $USER to set user password again and repeat 1 to 3, in order to verify the issue.

I haven't tried, yet, any other tasks from User and Groups application to see what impact they have.

Event Timeline

ThanosApostolou updated the task description. (Show Details)
ThanosApostolou added a project: Restricted Project.Nov 20 2017, 3:12 PM

At first I considered this bug insignificant. But I thought that if someone is running an ssh server and this bug happen (if it is indeed reproducible) then it can become nasty. Thus, I added the Security tag.

eric-salo added a subscriber: eric-salo.EditedJan 19 2018, 6:56 PM

I just had this happen when setting up Solus Mate on my mother's laptop (she got sick of Windows). Threw me for a complete loop. Didn't even think to try a blank password until I found this.

Considering I plan on connecting via ssh to help her with updates and what not, this is definitely a security issue. But, mostly just annoying.

DataDrake triaged this task as High priority.Jul 22 2018, 2:54 PM