diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
--- shadow-4.2.1/src/usermod.c.unlock	2014-12-01 15:14:58.000000000 +0100
+++ shadow-4.2.1/src/usermod.c	2015-08-27 14:31:50.899712180 +0200
@@ -455,9 +455,12 @@ static char *new_pw_passwd (char *pw_pas
 		strcat (buf, pw_pass);
 		pw_pass = buf;
 	} else if (Uflg && pw_pass[0] == '!') {
-		char *s;
+		char *s = pw_pass;
 
-		if (pw_pass[1] == '\0') {
+		while ('!' == *s)
+			++s;
+
+		if (*s == '\0') {
 			fprintf (stderr,
 			         _("%s: unlocking the user's password would result in a passwordless account.\n"
 			           "You should set a password with usermod -p to unlock this user's password.\n"),
@@ -471,12 +474,15 @@ static char *new_pw_passwd (char *pw_pas
 		              user_newname, (unsigned int) user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
-		s = pw_pass;
-		while ('\0' != *s) {
-			*s = *(s + 1);
-			s++;
-		}
+		memmove (pw_pass, s, strlen (s) + 1);
 	} else if (pflg) {
+		if (strchr (user_pass, ':') != NULL) {
+			fprintf (stderr,
+			         _("%s: The password field cannot contain a colon character.\n"),
+			         Prog);
+			return pw_pass;
+
+		}
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "updating-password",