Originally posted by bignerd
[B]To put iago's response into perspective...
You're absolutely right, the odds are incredibly small that this is what happened.
More than likely, if you've seen this, it's happening for a different reason.
Perhaps more details would help:
- What distro are you using? (Sorry, I just looked. I'd bet your whole problem is that you're using Linspire :P)
- How did you discover this phenomenon?
- Can you give us the line for the account in /etc/passwd and /etc/shadow? It's understandable if you can't.
- Is it possible that somebody has installed a backdoor?
- Do both passwords work for logging in from tty, logging in via ssh, switching user view su, etc? If it's just occuring through, for example, ssh, it's possible that there's a backdoor there.
- Do a google search for the password that shouldn't be there, see if it's associated with any known trojans or backdoors. It's possible that, if it IS a backdoor, the password could be set by whoever installed it. But check anyway.
Hope this helps.