Caldera Volution Manager Default Cleartext Directory Administrator Password Vulnerability

Caldera has reported that the default configuration will be changed in the next revision. To implement the encryption feature, Caldera advises the following (from advisory CSSA-2002-024.0):

As the root user, run slappasswd, entering your desired
password at the prompts (the example uses newpasswd as the new
password; the password will not be seen as you type it).

# slappasswd
New password: newpasswd
Re-enter new password: newpasswd

The output is the new, encrypted password. In the file
/etc/ldap/slapd.conf, replace the previous rootpw line with a
line containing the new, encrypted password so that the line
looks similar to this:

rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz


Privacy Statement
Copyright 2010, SecurityFocus