I can confirm that they were in fact fixed. The plain text password exploit was related to the installer script (known as Ubiquity) keeping the root password that you select in a plain text file in the system after installation rather than immediately deleting it. This was fixed back between Dapper / Edgy.
<br><br>-David<br><br><div><span class="gmail_quote">On 9/25/07, <b class="gmail_sendername">Jim Hutchinson</b> <<a href="mailto:jim@ubuntu-rocks.org">jim@ubuntu-rocks.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Plain text passwords than Andrew referred to have been fixed - I think.<br><br>On 9/25/07, Neal McBurnett <<a href="mailto:neal@bcn.boulder.co.us">neal@bcn.boulder.co.us</a>> wrote:<br>> On Tue, Sep 25, 2007 at 04:40:39PM -0600, Jim Hutchinson wrote:
<br>> > I think that's been fixed.<br>> ><br>> > On 9/25/07, Andrew <<a href="mailto:keen101@gmail.com">keen101@gmail.com</a>> wrote:<br>> > > I heard that the Canonical people were planning to fix the security flaw in
<br>> > > Ubuntu, where passwords are kept in plain text.<br>><br>> Huh? You'll have to be a bit more specific there for me.<br>><br>> But this google result was a disappointment for me about gaim/pidgin:
<br>><br>> <a href="http://www.osnews.com/story.php/17964/Insecure-Passwords-on-GaimPidgin/">http://www.osnews.com/story.php/17964/Insecure-Passwords-on-GaimPidgin/</a><br>><br>> $ grep password $HOME/.{gaim,pidgin}/accounts.xml
<br>><br>> Neal McBurnett <a href="http://mcburnett.org/neal/">http://mcburnett.org/neal/</a><br>><br>> --<br>> Ubuntu-us-co mailing list<br>> <a href="mailto:Ubuntu-us-co@lists.ubuntu.com">
Ubuntu-us-co@lists.ubuntu.com</a><br>> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co">https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co</a><br>><br><br><br>--
<br>Please avoid sending me Word or PowerPoint attachments.<br>See <a href="http://www.gnu.org/philosophy/no-word-attachments.html">http://www.gnu.org/philosophy/no-word-attachments.html</a><br><br>--<br>Ubuntu-us-co mailing list
<br><a href="mailto:Ubuntu-us-co@lists.ubuntu.com">Ubuntu-us-co@lists.ubuntu.com</a><br>Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co">https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
</a><br></blockquote></div><br><br clear="all"><br>-- <br>---------------------------------------------------------<br><a href="http://www.funnylookinhat.com">http://www.funnylookinhat.com</a><br>AIM: FunnyLookinHat<br>ICQ: 40145621
<br>MSN: <a href="mailto:funnylookinhat@gmail.com">funnylookinhat@gmail.com</a><br>Jabber: <a href="mailto:funnylookinhat@gmail.com">funnylookinhat@gmail.com</a><br>IRC: <a href="http://irc.freenode.net">irc.freenode.net</a>
<br>---------------------------------------------------------