Fix weak salt provided to crypt.crypt() method which creates user acc…

…ount password hashes. Addresses #765 (cherry picked from commit 73fbe5a)
Antergos · Jun 20, 2017 · b59b068 · b59b068
1 parent 0fb671f
commit b59b068
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/cnchi/info.py b/cnchi/info.py
@@ -29,7 +29,7 @@
 
 """ Set some Cnchi global constants """
 
-CNCHI_VERSION = "0.14.286"
+CNCHI_VERSION = "0.14.287"
 CNCHI_WEBSITE = "http://www.antergos.com"
 CNCHI_RELEASE_STAGE = "production"
 

diff --git a/cnchi/installation/install.py b/cnchi/installation/install.py
@@ -783,7 +783,7 @@ def enable_services(services):
     @staticmethod
     def change_user_password(user, new_password):
         """ Changes the user's password """
-        shadow_password = crypt.crypt(new_password, "$6${0}$".format(user))
+        shadow_password = crypt.crypt(new_password, crypt.mksalt())
         chroot_call(['usermod', '-p', shadow_password, user])
 
     @staticmethod

diff --git a/update.info b/update.info
@@ -1,2 +1,2 @@
-{"version":"0.14.286","files":[
+{"version":"0.14.287","files":[
 ]}