Hello, the problem is somehow caused by nscd. When I disable passwd caching in /etc/nscd.conf and then restart nscd, the shadow passwords can only be seen by root. Because of the security risk, I recommend to set the severity of this bug to "critical". Regards Christoph