Ubuntu Security :: Found Potential Login - Switch Users Method Allows To Bypass The Password Protection
Jan 7, 2011
I don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
View 3 Replies
ADVERTISEMENT
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
Jul 22, 2010
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 Replies
View Related
Nov 18, 2010
I love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
View 1 Replies
View Related
Jul 2, 2011
is there a way to make a password key-ring for a list of specifications, specifically; all the applications relating to preferences. I'm running Ubuntu 11.04, I'm the only user, I disabled all login password requirements because they were annoying me and I'm cool with anybody using any of my applications as long as they aren't capable of changing my system in any way. Some of the applications I would like to be on the list include the terminal, the network connections preferences, the keyboard preferences. I wan't to be prompted for a password before opening these programs
View 4 Replies
View Related
Mar 12, 2010
I'm a newbie running Ubuntu 9.10. I have two users (wife and me), and each user's screensaver is set to lock so that on wakeup, we get to choose which user's desktop to go to. However, Ubuntu requires a password, so this is pretty tedious.I'd like to switch users without entering any password. I know about this trick that works for the boot login, but it doesn't deal with multiple users.Is it possible to set empty passwords for users in Ubuntu, or skip the password in other ways?(I'm expecting real Linux users to suggest that passwordless users must not get any rights and there be an admin user with a strong password.
View 2 Replies
View Related
Mar 12, 2011
Is it possible to switch users in Debian without entering a password, as in Ubuntu Maverick? I already tried adding a nopasswdlogin group but it did not work, even though the "don't ask for password on login" entry in the login manager is no longer greyed out. Replacing gdm3 with gdm also did not work.
View 5 Replies
View Related
Feb 10, 2010
I've set up password-less login for user1 on a Ubuntu machine to login automatically into a Fedora box using the publickey authentication method. Everything is working smoothly. Now, there is a user2 on Fedora but he does not have an account on Ubuntu.
I tried to login as user2 from Ubuntu to but got the following error :
Code:
Predictably neither scp or sftp work either. I have several questions as a result.
1.Is the SSH server rejecting user2 login because I am inadvertently using user1 keys (as I am logged in as user1) ?
2. Do I need to have a user2 account on Ubuntu and public/private key authentication setup with Fedora for user2 to be able to login ?
3. Is there a method I can use to password login as user2 from Ubuntu to Fedora (even though there is no user2 account on Ubuntu) AND still keep password-less login for user1 or do I have to have password-less login for both ?
At present the only way to access the user2 account from Ubuntu is to SSH using the user1 account and then su to user2.
View 3 Replies
View Related
Jun 14, 2011
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
View 4 Replies
View Related
Aug 30, 2010
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
View 5 Replies
View Related
Jun 4, 2011
brand new 2 Ubantu & set up standard Ubantu compartment accessed via 1 user name only and password. 1st few times all good but now suddenly, unexpectedly password declared invalid. Had written down password so it is correct & not entry error. Not know how to reset password or bypass 'username/password log on screen' Am on an Acer 5542G with windows 7 home premium.
View 3 Replies
View Related
Dec 14, 2010
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
View 9 Replies
View Related
Feb 4, 2011
1. I am currently using a basic fedora 14. I had a fedora 8 DVD that contained many packages including its installation (I mean it was bootable and had its iso image. Now my question is that is there any way by which I can install the packages(like OpenOffice.org) from that DVD to fedora 14? I have a slow internet connection and its not possible for me to download large files.
2. I installed some packages via yum. My friend also has fedora 14 but unfortunately he doesnt have a internet connection to download the files via yum and install them. Are the .rpm files downloaded via yum stored in some specific folder, so that I can transfer those files via a flash drive to his computer and install them directly there?
3. Is there a way to autologin my account so that I dont have to type my password everytime I switch on my PC?
4. Everytime and every session I try to access a ntfs partition, it asks for my root password. Any tricks to bypass this?
View 6 Replies
View Related
Dec 23, 2010
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies
View Related
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
View Related
May 11, 2010
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies
View Related
Mar 10, 2011
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies
View Related
Feb 22, 2010
My question is probably very common, but I didn't find an answer.I have several computers, each with different user. Each user has a shared folder in samba. I want all users to access all these shares with a single login/password (not with the login/passw of each particular user)
View 1 Replies
View Related
Feb 18, 2010
The login screen does not accept the password for users. Only the password for Root. The problem is not in the command line, but check the password in the screen. I have tried to change the password from the root and it is still the problem. What I can do?
View 2 Replies
View Related
Dec 3, 2010
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies
View Related
Oct 25, 2010
When i try to login with AD credentials on Ubuntu 10.10 and the user has is password almost expire, the gdm hang and display the message "your password will expire in ... days"
If i login with any other user without that restriction, it works flawless. does anyone know what configuration file i need to change to bypass that problem.
View 2 Replies
View Related
Jun 9, 2011
We want to set up a Linux server (hosting Git or later SVN repositories) which should have all stored data strongly encrypted, so that if one steals the server the data cannot be read. For example, our notebooks have all important data stored on a "true-crypted" partition.
We plan to access it with SSH private keys and only after successful login should the data be readable. The server would be located in our office, shut down at night and not be connected to the Internet directly, but only accessible in our intranet.
View 1 Replies
View Related
Jul 26, 2010
I need to create a number of internal Linux users for admin purposes. I do not want these users to appear on the initial console login page just after Fedora boots up, as users who can attempt to log in, and I do not want to allow these users to log in directly. I merely want these users to be accessed via su, just like the root user.
View 2 Replies
View Related
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies
View Related
Jul 8, 2011
I have a Samba server running on a Red Hat 5.6 system that provides a large file share to both UNIX/Linux and Windows environments. There are two user accounts that can access this file share:
foo - has full access to ALL files in the file share
bar - has full access to just one directory tree ('dog') in the file share
I created two different mount points, one for foo and one for bar. I've set all of the files in 'dog' to be owned by bar, which works fine for the bar account. The problem is, the foo account can't access the files. Also, foo and bar need to be able to share files, by placing them in the 'dog' directory tree.
I'm not sure how to set this up using standard Samba tools. I've looked in the Samba GUI available with Red Hat, and don't see anything helpful there regarding my need. I've Google'd and have seen references to using ACLs with Samba. Is this the right solution to this problem, or have I missed something?
View 1 Replies
View Related
Dec 3, 2010
I realise that passwords are a good thing but I'm getting fed up having to enter a password just to get my wireless network to work every time I switch on Ubuntu or when I log out and back in again.
Seeing as there is nobody in the house that I want to keep away from the computer, is there a way to automatically sign-in to my wireless network without having that annoying key-chain popping up every time?
View 5 Replies
View Related
Apr 3, 2011
I have to enter the root password every time I want to run
Code:
sudo vpnc
and I know that there is a way to avoid entering password every time but I can't remember what it is.
View 9 Replies
View Related
Feb 23, 2011
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
View 7 Replies
View Related
Jan 19, 2011
I installed linux system into a USB stick, but it never asks me to enter login password (i am the default user "root") when booting. I checked the settings in "User and Group" panel, and found everything there is OK. What additional settings should I make to this problem?
View 4 Replies
View Related
Apr 20, 2011
In order to save power,I want to leave the default(blank) screensaver active,in case I forget to close my monitor when the computer is running.However,the screensaver is,by default,password protected and I would like to disable this annoying feature(which is,anyway,useless for me).If I go to System>Preferences>Screensaver and uncheck "Lock screen when scrensaver is active",will this remove password protection from the screensaver?
View 2 Replies
View Related
