Bug in Ubuntu Breezy exposes root password

In actual there is no user account called root in Ubuntu. A normal user can become root by using the sudo command. But in Breezy, the first user’s password is can be easily found by any user reading the file /var/log/installer/cdebconf/questions.dat. This bug is present only in Breezy (5.10) and not in Dapper(6.04) the yet to be released version.

There are two packages – base-config and passwd which needs to be upgraded to prevent this problem. A standard system upgrade will fix this problem.

If you are upgrading from 5.10 to 6.04 then you need to upgrade your passwd package to the newest version.

ubuntu, breezy, dapper, root+user