How to Identify Linux User Accounts with Blank Passwords Using Command Line Techniques



Blank password configurations pose serious security vulnerabilities in Linux systems. Any user account without password protection can be accessed by anyone, making it critical for system administrators to regularly audit such accounts.

The most reliable way to find users with empty passwords is by examining the shadow file:

sudo awk -F: '($2 == "") {print $1}' /etc/shadow

This command parses the shadow file and prints usernames where the password field is empty.

If you would rather not parse /etc/shadow directly, try these methods. Note that passwd -S still needs root privileges to report on other users' accounts:

Using getent and passwd

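getent passwd | cut -d: -f1 | while IFS= read -r user; do
    # Field 2 of `passwd -S` is the status; compare it exactly so usernames containing "NP" do not match
    sudo passwd -S "$user" 2>/dev/null | awk '$2 == "NP" {print $1 " has no password"}'
done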

Checking Authentication Logs

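Recent login attempts might reveal accounts with blank passwords. The path below is the Debian/Ubuntu location; Red Hat-family systems log authentication events to /var/log/secure: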

sudo grep "password.*not" /var/log/auth.log

For environments with multiple servers, use this SSH-based approach:

for server in server1 server2 server3; do
    echo "Checking $server..."
    ssh "admin@$server" "sudo awk -F: '(\$2 == \"\") {print \$1}' /etc/shadow"
done

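Create a cron job for periodic verification. The entry below uses the system crontab format with a user field, so it belongs in /etc/crontab or in a file under /etc/cron.d: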

0 3 * * * root awk -F: '($2 == "") {print $1}' /etc/shadow | mail -s "Blank password alert" admin@example.com

For each identified account, either set a password or lock the account:

# To set a password
sudo passwd username

# To lock the account
sudo passwd -l username

Also consider these hardening measures:

  • Disable password authentication for SSH when possible
  • Implement password complexity requirements using pam_cracklib
  • Regularly audit user accounts and permissions

Empty password fields in Linux systems represent critical security vulnerabilities that attackers can exploit for unauthorized access. Unlike weak passwords that still require brute-force attempts, accounts with empty passwords grant immediate access through simple authentication attempts.

The most straightforward method combines getent with password database parsing:

getent passwd | awk -F: '{print $1}' | xargs -I {} sudo passwd -S {} | awk '$2 == "NP"'

This pipeline:

  1. Lists all users with getent passwd
  2. Extracts usernames with awk
  3. Checks password status for each user
  4. Filters accounts with no password ("NP" status)

For regular security audits, this Bash script provides more comprehensive checking:

#!/bin/bash
echo "Users with empty passwords:"
echo "--------------------------"

for user in $(getent passwd | cut -d: -f1); do
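    # Match the status field exactly; a plain grep for "NP" would also hit usernames containing it
    if sudo passwd -S "$user" 2>/dev/null | awk '$2 == "NP" {found=1} END {exit !found}'; then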
        echo "$user"
        lastlog -u "$user" | grep -v "Never logged in"
    fi
done

Advanced users can inspect the encrypted password field in /etc/shadow:

sudo awk -F: '($2 == "" || $2 == "!") {print $1}' /etc/shadow

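This matches completely empty password fields as well as fields that contain only "!". An account whose field is just "!" has no usable password hash and cannot log in with a password, so review those entries separately from genuinely blank-password accounts. Accounts that were locked with passwd -l after a password was set appear as "!" followed by the hash and are not matched by this command.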
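The distinction between empty, disabled and locked password fields can be made explicit with a small classifier. This is an added example, not code from the original article; the function names, state labels and sample lines are constructed for illustration, and the field meanings follow shadow(5).

```shell
#!/bin/sh
# classify_shadow [FILE...]: read shadow-format lines from FILE(s) or stdin
# and print "user<TAB>STATE" for each entry.
classify_shadow() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }             # skip blank lines and comments
        NF < 2 { print $1 "\tMALFORMED"; next }       # no password field present
        {
            pw = $2
            if (pw == "")                     state = "EMPTY"     # no password required to log in
            else if (pw ~ /^[!*]+$/)          state = "DISABLED"  # only "!" or "*": no valid hash
            else if (substr(pw, 1, 1) == "!") state = "LOCKED"    # "!" followed by the saved hash
            else                              state = "HASHED"    # usable password hash
            print $1 "\t" state
        }
    ' "$@"
}

# blank_users [FILE...]: print only the accounts that accept an empty password.
blank_users() {
    classify_shadow "$@" | awk -F'\t' '$2 == "EMPTY" { print $1 }'
}

# Constructed sample input (not real hashes), so the example runs without root.
sample_shadow() {
    cat <<'EOF'
root:!:19700:0:99999:7:::
alice:$6$constructedsalt$constructedhashvalue:19700:0:99999:7:::
bob:!$6$constructedsalt$constructedhashvalue:19700:0:99999:7:::
svc_backup::19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
EOF
}

# Demo on the sample; on a real host, call classify_shadow /etc/shadow as root.
sample_shadow | classify_shadow
```

Only svc_backup in the sample needs remediation as a blank-password account; root and daemon simply have no usable password, and bob is locked with his hash preserved.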

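Verify your PAM configuration isn't allowing empty passwords. The file below is the Debian/Ubuntu location; on Red Hat-family systems check /etc/pam.d/system-auth and /etc/pam.d/password-auth instead: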

grep nullok /etc/pam.d/common-auth

If this returns any results, your system may be configured to permit empty passwords: the nullok option lets accounts with an empty password field authenticate.

For larger deployments, consider these approaches:

  • LDAP integration with password policy enforcement
  • Configuration management tools (Ansible/Puppet) to enforce password requirements
  • Security compliance scanners like Lynis or OpenSCAP

For any identified accounts:

# Lock the account
sudo passwd -l username

# OR set a password
sudo passwd username

Always investigate why the account had no password before remediation.