*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
This was found when an administrative error made /home directory
inaccessible. Any users that tried to login after that, were not able
to (which is expected) but their password appears on the VT1 screen.
Under normal circumstances, VT1 is not visible. But once the system was
sent into this compromised mode, one can press ctrl+alt+F1 and then
ctrl+alt+F2 and get a momentary glance at VT1. One can keep toggling
between these key combinations in order to make out the password(s) on
VT1.
As a further test, I wanted to see if a non-super user could cause this
condition, and it is in fact possible. As a regular user, I made their
own home directory not writable and then removed ~/.config and logged
out. Then logged in as that user again, and although that user can't
login the system does go into that mode where passwords appear on VT1
and are viewable with the key combinations mentioned herein. Further,
any other users that login will see no problem, but when they logon
their passwords also appear on VT1 and are viewable.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.3
Uname: Linux 4.19.2-041902-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Nov 19 08:32:59 2018
InstallationDate: Installed on 2018-08-25 (85 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: gdm3 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug bionic third-party-packages
--
GDM is Exploitable as a Password Collector
https://bugs.launchpad.net/bugs/1803993
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
