After testing out the WordPress install script, I checked the wp-config.php file and the password salts are empty:
define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here');
The salts are generated automatically if you install WordPress normally. In the wp-config.php file, it references https://api.wordpress.org/secret-key/1.1/salt/ to generate the salts. Perhaps you could incorporate that into the WordPress install script and also for the WordPress Multisite install script as well.
thanks, Don
Comments
Submitted by JamieCameron on Sat, 03/01/2014 - 12:04 Comment #1
Thanks for pointing this out - this will be fixed in the next Virtualmin release.
Submitted by Issues on Sat, 03/15/2014 - 13:11 Comment #2
Automatically closed -- issue fixed for 2 weeks with no activity.