Page MenuHomeSolus
Create Task
Maniphest T5020

gnome-system-tools: Adding/Removing user privileges with "User and Groups"->"Advanced Settings" app sets user's password to empty!
Open, HighPublic
Actions

Description

Steps to reproduce:

  1. login in a tty to verify your password work fine.
  2. Open "User and Groups" app, go to Advanced Settings and add some privilege to your user.
  3. login to a new tty and see that your password doesn't work. Try with empty password and see that it works.
  4. run passwd $USER to set user password again and repeat 1 to 3, in order to verify the issue.

I haven't tried, yet, any other tasks from User and Groups application to see what impact they have.

Related Objects

Event Timeline

ThanosApostolou created this task.Nov 14 2017, 8:40 AM
ThanosApostolou updated the task description. (Show Details)
ThanosApostolou added a project: Restricted Project.Nov 20 2017, 3:12 PM

At first I considered this bug insignificant. But I thought that if someone is running an ssh server and this bug happen (if it is indeed reproducible) then it can become nasty. Thus, I added the Security tag.

baimafeima added a subscriber: baimafeima.Nov 20 2017, 5:19 PM
eric-salo added a subscriber: eric-salo.EditedJan 19 2018, 6:56 PM

I just had this happen when setting up Solus Mate on my mother's laptop (she got sick of Windows). Threw me for a complete loop. Didn't even think to try a blank password until I found this.

Considering I plan on connecting via ssh to help her with updates and what not, this is definitely a security issue. But, mostly just annoying.

DataDrake triaged this task as High priority.Jul 22 2018, 2:54 PM
DataDrake moved this task from Backlog to System and Configuration Fixes on the Software board.Jul 29 2018, 6:49 PM
kyrios123 mentioned this in T6881: Users & Groups in MATE Control Center bugged.Dec 4 2018, 6:57 PM
TClark77 added a subscriber: TClark77.Fri, Jul 21, 3:15 AM

@ThanosApostolou, is this still an issue? It has been a long time since there was an update to this task, and there have been many updates since this issue was opened.

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.