FS#2634 : Luci allows access if root password is cleared and locked

Quick Actions

View Dependency Graph

Status Unconfirmed
Percent Complete
0%
Task Type Bug Report
Category Base system
Assigned To No-one
Operating System All
Severity Critical
Priority Very Low
Reported Version All
Due in Version Undecided
Due Date Undecided
Private

Attached to Project: OpenWrt/LEDE Project
Opened by Fabian Bläse - 26.11.2019

FS#2634 - Luci allows access if root password is cleared and locked

Luci doesn’t correctly handle a disabled, empty password for root.
Deleting and disabling the root password makes the luci interface accessible without a password.

Steps to reproduce:
- Delete root password (passwd -d root)
- Lock root password (passwd -l root)
- Try to access Luci

Jo-Philipp Wich commented on 26.11.2019 13:29

luci → rpcd

Loading...

Keyboard shortcuts

Available keyboard shortcuts

SHIFT+ALT+l Login Dialog / Logout
SHIFT+ALT+a Add new task
SHIFT+ALT+m My searches
SHIFT+ALT+t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
SHIFT+ALT+e ENTER Edit this task
SHIFT+ALT+y Close Task

Task Editing

SHIFT+ALT+s save task