Caldera Volution Manager Default Cleartext Directory Administrator Password Vulnerability

Caldera Volution Manager Default Cleartext Directory Administrator Password Vulnerability

Solution:
Caldera has reported that the default configuration will be changed in the next revision. To implement the encryption feature, Caldera advises the following (from advisory CSSA-2002-024.0):

As the root user, run slappasswd, entering your desired
password at the prompts (the example uses newpasswd as the new
password; the password will not be seen as you type it).

# slappasswd
New password: newpasswd
Re-enter new password: newpasswd
{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
#

The output is the new, encrypted password. In the file
/etc/ldap/slapd.conf, replace the previous rootpw line with a
line containing the new, encrypted password so that the line
looks similar to this:

rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz