CVE-2022-36610 Totolink A720R V4.1.5cu.532_B20210610 had a root password stored in /etc/shadow.sample.
If you are running a production server, this password is very likely to be secure and not a password you want an attacker to have. Fortunately, there is a very simple way to change this password. Just open the following file in your favorite text editor. For example, in Linux you could use nano. Now, look for the text highlighted in red. Change the password so that it is something secure that you would want to have on a production server. Now, save the file and close your text editor.
Let’s assume you have installed your Linux distribution from a live USB or CD, or from a remote server. Now reboot your server by doing a cold reboot (no power to the server and no Ethernet connection). After the server has rebooted, log back into the server and you should see that the /etc/shadow file has been changed to something secure.
Linux - Set the root account password
To change the root account password, do the following:
1. Open a terminal window.
2. Type the following command to list all usernames on your system:
whoami
3. List all root passwords on your system:
passwd -l root
4. Change the root password to something you want it to be. For example, let's say you want to change it to "123456":
passwd -d root 123456
5. Reboot the server and login with this new password when prompted by SSH or telnet:
How to Reset a Linux MySQL Administrator Password
If you are running a production server, this password is very likely to be secure and not a password you want an attacker to have. Fortunately, there is a very simple way to change this password. Just open the following file in your favorite text editor. For example, in Linux you could use nano. Now, look for the text highlighted in red. Change the password so that it is something secure that you would want to have on a production server. Now, save the file and close your text editor.
Check for a Password Change
Look for the file /etc/shadow and make sure the password has been changed.
If it is not, you need to change your password in the /etc/shadow file to something secure. You can easily do this by editing the file in a text editor or using a command line tool like vi.
Timeline
Published on: 08/29/2022 00:15:00 UTC
Last modified on: 09/01/2022 18:51:00 UTC