pwd_mkdb copies comments from /etc/master.passwd to /etc/passwd.
Since /etc/passwd is world readable this could reveal encrypted,
although currently not active, passwords from entries that have
been commented out for some reason.
Fix: A solution would be to not copy comments to /etc/passwd:
Add a user with password to /etc/master.passwd.
vipw and comment out the entry by adding a # in front of it.
As normal user: grep '#' /etc/passwd
The result looks something like this:
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
For bugs matching the following criteria:
Status: In Progress Changed: (is less than) 2014-06-01
Reset to default assignee and clear in-progress tags.
Mail being skipped
MARKED AS SPAM