Fixed passwords encryption

This commit is contained in:
Enrique Martin 2023-10-05 10:57:03 +02:00
parent f86a117e30
commit 5a7aa609a7
1 changed files with 4 additions and 3 deletions

View File

@ -534,10 +534,11 @@ if check_passwords==1:
for line in shadow_file:
username, password_hash, *_ = line.strip().split(':')
# Skip users with no password hash or system users
if password_hash != "*" and username not in ["nobody", "root", "daemon"]:
# Skip users with no password hash
if password_hash != "*" and password_hash != "!!" and password_hash != "!locked":
for weak_password in l_passwords:
weak_password_hash = crypt.crypt(weak_password, password_hash[:2])
weak_password_hash = crypt.crypt(weak_password, password_hash[:password_hash.rfind('$')])
if weak_password_hash == password_hash:
insecure_users.append(username)
break