Return to site
Return to site

Mkpasswd For Mac

broken image


The mkpasswd program can be used to create a /etc/passwd file. Cygwin doesn't need this file, because it reads user information from the Windows account databases, but you can add an /etc/passwd file, for instance if your machine is often disconnected from its domain controller. ‎LastPass simplifies your digital life. From your LastPass vault, you can store passwords and logins, create online shopping profiles, generate strong passwords and more. All you must do is remember your LastPass master password, and LastPass autofills web browser and app logins for you.

Overview

Mkpasswd generates passwords that are insufficiently random.

Description

Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict passwords and consequently gain unauthorized access to other accounts on the system. This vulnerability occurs because mkpasswd uses the current process ID as the seed for the random number generator. Because of this, the number of passwords is limited to the size of the process table on the operating system.

Impact

An attacker may be able to predict passwords and consequently gain unauthorized access to other accounts on the system.

Solution

Apply a patch from your vendor.

Vendor Information

Filter by status:
Filter by content: Additional information available
Javascript is disabled. Click here to view vendors.

Red Hat Inc. Affected

Updated: April 02, 2003

Status

Mkpasswd

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has fixed this problem. For details, please see Bugzilla Bug 9507.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc. Not Affected

Updated: April 03, 2003

Status

Not Affected

Vendor Statement

mkpasswd is not shipped with Mac OS X.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Kmspico 10.2.1 download

Mkpasswd For Macbook Air

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc. Not Affected

Dragon quest 4 mini medals set. Updated: April 04, 2003

Status

Not Affected

Vendor Statement

Foundry Networks do not use the mkpasswd utility in any of its products. Foundry products are not vulnerable.

Vendor Information

Mac

The vendor has not provided us with any further information regarding this vulnerability.

Mkpasswd for mac pro

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu Not Affected

Updated: April 10, 2003

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#527736.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Not Affected

Updated: April 03, 2003

Status

Not Affected

Vendor Statement

SOURCE:
Hewlett-Packard Company
HP Services
Software Security Response Team

Update 01
x-ref: SSRT3532
Hewlett Packard has investigated this report and find that:
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi Not Affected

Updated: April 11, 2003

Status

Not Affected

Mkpasswd

Vendor Statement

Hitachi's HI-UX/WE2 is NOT vulnerable, because it does not have mkpasswd.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mkpasswd For Mac Os

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics


References

Acknowledgements

Mkpasswd For Macbook Pro

This vulnerability was reported by Shez .

This document was written by Ian A. Finlay.

Other Information

CVE IDs:None
Severity Metric:7.03
Date Public:2001-04-11
Date First Published:2003-04-02
Date Last Updated: 2003-04-11 12:39 UTC
Document Revision: 19
Platform independant what of generating Linux compatible crypt(3) sha512 hashes ($6$ style). For systems (like macOS/OSX) where you can't `mkpasswd -m sha-512`.
mkpasswd.py
#!/usr/bin/env python3
# Because OSX doesn't have mkpasswd..
# Based on https://stackoverflow.com/a/17992126/117471
# python3 -c 'from passlib.hash import sha512_crypt; print(sha512_crypt.encrypt(input()))' <<< bruno # NOQA
# Usage:
#
# $ ./mkpasswd.py
# Password:
# $6$rounds=656000$pfFmQISGcjWHOCxW$rBptiSK.tqSPnUiq6KiSHzz6LvvW/x1SjkkWFwxWB9Dt75NLNBs0N3OyGV4K5ejjBs/u.o3jtigvUKbmmwVQP.
#
# $ PROCESS_TIME=1 ./mkpasswd.py
# Password:
# $6$rounds=656000$e0OGrad82DBrUo9T$ldqtOdN54gmXI6nb0D.Y5mm5ih.LIQm/Ep/bkNL76.3hE65FqXA9wyZ.M5YOrv6dSvwhPAktXGJ6LJT0Fgd4x.
# 656000 rounds in 1.008705 seconds of cpu time
#
# $ ROUNDS=1280000 PROCESS_TIME=1 ./mkpasswd.py <<< bruno
# $6$rounds=1280000$QO5FSyw5rQpiY6PI$0zRMJ4RzCbH61XxIdpsUm/79.VZ13Mm9TBN9GvJwt1LI1U5FVzakrLya5VJsXlTou3p5ZeWmo29bIUjubRuc31
# 1280000 rounds in 1.9206560000000001 seconds of cpu time
importos
importsys
importtime
fromgetpassimportgetpass
frompasslib.hashimportsha512_crypt
rounds=os.environ.get('ROUNDS')
ifnotrounds:
rounds=sha512_crypt.default_rounds
passwd=input() ifnotsys.stdin.isatty() elsegetpass()
proc=sha512_crypt.using(rounds=rounds)
start=time.process_time()
out=proc.encrypt(passwd)
end=time.process_time()
print(out)
ifos.environ.get('PROCESS_TIME'):
print('{} rounds in {} seconds of cpu time'.format(rounds, end-start))
Mkpasswd for mac os

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has fixed this problem. For details, please see Bugzilla Bug 9507.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc. Not Affected

Updated: April 03, 2003

Status

Not Affected

Vendor Statement

mkpasswd is not shipped with Mac OS X.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mkpasswd For Macbook Air

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc. Not Affected

Dragon quest 4 mini medals set. Updated: April 04, 2003

Status

Not Affected

Vendor Statement

Foundry Networks do not use the mkpasswd utility in any of its products. Foundry products are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu Not Affected

Updated: April 10, 2003

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#527736.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Not Affected

Updated: April 03, 2003

Status

Not Affected

Vendor Statement

SOURCE:
Hewlett-Packard Company
HP Services
Software Security Response Team

Update 01
x-ref: SSRT3532
Hewlett Packard has investigated this report and find that:
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi Not Affected

Updated: April 11, 2003

Status

Not Affected

Vendor Statement

Hitachi's HI-UX/WE2 is NOT vulnerable, because it does not have mkpasswd.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mkpasswd For Mac Os

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics


References

Acknowledgements

Mkpasswd For Macbook Pro

This vulnerability was reported by Shez .

This document was written by Ian A. Finlay.

Other Information

CVE IDs:None
Severity Metric:7.03
Date Public:2001-04-11
Date First Published:2003-04-02
Date Last Updated: 2003-04-11 12:39 UTC
Document Revision: 19
Platform independant what of generating Linux compatible crypt(3) sha512 hashes ($6$ style). For systems (like macOS/OSX) where you can't `mkpasswd -m sha-512`.
mkpasswd.py
#!/usr/bin/env python3
# Because OSX doesn't have mkpasswd..
# Based on https://stackoverflow.com/a/17992126/117471
# python3 -c 'from passlib.hash import sha512_crypt; print(sha512_crypt.encrypt(input()))' <<< bruno # NOQA
# Usage:
#
# $ ./mkpasswd.py
# Password:
# $6$rounds=656000$pfFmQISGcjWHOCxW$rBptiSK.tqSPnUiq6KiSHzz6LvvW/x1SjkkWFwxWB9Dt75NLNBs0N3OyGV4K5ejjBs/u.o3jtigvUKbmmwVQP.
#
# $ PROCESS_TIME=1 ./mkpasswd.py
# Password:
# $6$rounds=656000$e0OGrad82DBrUo9T$ldqtOdN54gmXI6nb0D.Y5mm5ih.LIQm/Ep/bkNL76.3hE65FqXA9wyZ.M5YOrv6dSvwhPAktXGJ6LJT0Fgd4x.
# 656000 rounds in 1.008705 seconds of cpu time
#
# $ ROUNDS=1280000 PROCESS_TIME=1 ./mkpasswd.py <<< bruno
# $6$rounds=1280000$QO5FSyw5rQpiY6PI$0zRMJ4RzCbH61XxIdpsUm/79.VZ13Mm9TBN9GvJwt1LI1U5FVzakrLya5VJsXlTou3p5ZeWmo29bIUjubRuc31
# 1280000 rounds in 1.9206560000000001 seconds of cpu time
importos
importsys
importtime
fromgetpassimportgetpass
frompasslib.hashimportsha512_crypt
rounds=os.environ.get('ROUNDS')
ifnotrounds:
rounds=sha512_crypt.default_rounds
passwd=input() ifnotsys.stdin.isatty() elsegetpass()
proc=sha512_crypt.using(rounds=rounds)
start=time.process_time()
out=proc.encrypt(passwd)
end=time.process_time()
print(out)
ifos.environ.get('PROCESS_TIME'):
print('{} rounds in {} seconds of cpu time'.format(rounds, end-start))
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment




broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save