How to Address the “User(s) With Blank Password” Vulnerability

Details of the Vulnerability


The user (local service account) has a blank password in the shadow file, which allows connecting to the system without entering a password.


An attacker may connect to the system by knowing just the username.


Set a password for the user (local service account). (Many companies' security policies do not allow a password for the user.)

If the application users still need access without a password, the password should instead be locked, i.e. lock the passwordless local service account. Setting a password for a local service account is against many companies' security policies.

This can be easily fixed. All you need is “passwd -l user(local service account)”, and it will change the entry for the user (local service account) in /etc/shadow


From blank password:

user(local service account)::16555:0:99999:7:::

To locked State:

user(local service account):!!:16555:0:99999:7:::
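
To check a host for this finding before and after the fix, the second field of each shadow entry can be classified as blank, locked or set. The script below is an added example, not part of the original post; the function names and the sample entries (svcapp, svclocked and the root hash) are constructed for illustration, and any field starting with "!" or "*" is treated as locked.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for blank password fields.
# Field 2 of each entry: empty = blank password, leading "!" or "*" = locked.

shadow_state() {
    # $1: shadow-format file (defaults to /etc/shadow, which needs root to read)
    awk -F: '
        $2 == ""     { print $1 ":BLANK";  next }
        $2 ~ /^[!*]/ { print $1 ":LOCKED"; next }
                     { print $1 ":SET" }
    ' "${1:-/etc/shadow}"
}

blank_accounts() {
    # Print only the usernames whose password field is empty.
    shadow_state "$1" | awk -F: '$2 == "BLANK" { print $1 }'
}

lock_commands() {
    # Print (do not run) the fix from the article for each blank account.
    blank_accounts "$1" | while read -r user; do
        printf 'passwd -l %s\n' "$user"
    done
}

make_sample() {
    # Constructed entries for illustration; not taken from a real system.
    cat > "$1" <<'EOF'
root:$6$constructedsalt$constructedhash:16555:0:99999:7:::
svcapp::16555:0:99999:7:::
svclocked:!!:16555:0:99999:7:::
daemon:*:16555:0:99999:7:::
EOF
}

sample=$(mktemp)
make_sample "$sample"
shadow_state "$sample"     # state of every account
lock_commands "$sample"    # remediation to review and run as root
rm -f "$sample"
```

Calling blank_accounts with no argument as root reads /etc/shadow; after the lock is applied it should print nothing.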

