Opened 9 years ago

Closed 7 years ago

#2003 closed defect (wontfix)

webif security problem: locked password is treated as no password

Reported by: openwrt-spamtrap@… Owned by: developers
Priority: normal Milestone: 0.9/rc6
Component: base system Version:
Keywords: webif passwd -l security Cc:


How to reproduce:

  • check the webif needs the "root" password to work
  • SSH and run "passwd -l root" intending to allow login by SSH key authentication only
  • reload webif. It recommends to set a new root password
  • set new password
  • SSH in other shell and find that the root password is not locked anymore

(I know that locking the root account is strange and surely
not recommended)



Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by nbd

  • Resolution set to wontfix
  • Status changed from new to closed

0.9 is unmaintained, closing ticket
by the way, on recent versions you can simply disable password logins in the dropbear config

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.