PT-2006-4472 · Canonical · Ubuntu+1

Published: 2006-07-14 · Updated: 2008-09-05 · CVE-2006-3597

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

passwd version 1:4.0.13 and earlier on Ubuntu 6.06 LTS

Description

The issue occurs when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, causing the root password to be left blank instead of being locked. This happens because the password is zeroed out in the installer's memory.

Recommendations

For passwd version 1:4.0.13 and earlier on Ubuntu 6.06 LTS, ensure that the "Go Back" option is not selected after the final "Installation complete" message to prevent the root password from being left blank. Alternatively, manually set a strong root password after installation to mitigate the risk.
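
A post-install check for the condition described above, as an added example that is not part of the original advisory: it reads a shadow-format file and reports whether root's password field is blank, locked (begins with `!` or `*`), or set. The function name `root_pw_state` and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Classify the root entry of a shadow-format file (name:password:...).
# Usage: root_pw_state [FILE]   (defaults to /etc/shadow; reading it needs root)
# Prints one of: blank | locked | set | missing | unreadable
# Exit status: 0 = locked or set, 1 = blank, 2 = unreadable, 3 = no root entry
root_pw_state() {
    file="${1:-/etc/shadow}"
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          state = "blank"    # empty field: no password required
            else if ($2 ~ /^[!*]/) state = "locked"   # password login disabled
            else                   state = "set"      # a password hash is present
            exit                                      # jump to END
        }
        END {
            if (!found) { print "missing"; exit 3 }
            print state
            if (state == "blank") exit 1
        }
    ' "$file"
}

# Constructed sample: a root entry with an empty second field, the state
# the description above says the installer leaves behind.
sample=$(mktemp)
printf 'root::13343:0:99999:7:::\n' > "$sample"
echo "constructed sample: $(root_pw_state "$sample")"
rm -f "$sample"
```

On an installed system, run `root_pw_state` with no argument as root; a result of `blank` means the root account needs a password set or the account locked.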

Related identifiers

CVE-2006-3597

Affected products

Ubuntu
Passwd