Summary
In some cases, root accounts without a password were allowed to log in locally via TTY1-6.
Details
On installations created with the Solus 4.4 ISOs or lower, the root account was created with an empty password. If the root password was not changed, or root logins were disabled entirely, this allowed local logins with the pam package starting from 1.5.3-27. This regression is fixed with pam 1.6.1-37.
Installations based on Solus 4.5, or those with changed root credentials, were not affected.
Advice
While the issue is fixed with the pam update, it is recommended to lock the root account.
This can be done using the following terminal command:
sudo passwd -l root
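
To confirm whether an installation is in the affected state (an empty root password field) and that the lock took effect afterwards, the following added example classifies the password field of a shadow(5) entry read from standard input. It is not part of the original advisory; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of one account in
# shadow(5)-format input read from stdin.
# Prints exactly one of:
#   empty   - password field is blank (passwordless account)
#   locked  - field starts with '!' or '*' (no password login possible)
#   set     - a password hash is present
#   missing - the account does not appear in the input
shadow_status() {
    # $1 = account name to look up
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            if ($2 == "")            print "empty"
            else if ($2 ~ /^[!*]/)   print "locked"
            else                     print "set"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample entries (placeholder values, not real hashes)
# covering the three states. The root line mirrors the empty-password
# condition described in the advisory.
demo_shadow() {
    cat <<'EOF'
root::19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:!:19000:0:99999:7:::
EOF
}

# On a live system (reading /etc/shadow requires root), after sourcing
# this file:
#   shadow_status root < /etc/shadow
# "empty" means root can still be affected; "locked" is the expected
# result after running: sudo passwd -l root
```

The same information is available from `sudo passwd -S root`, which reports `NP` for an account with no password and `L` for a locked one.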