*** This bug is a security vulnerability ***

Public security bug reported:

Hello, folks,

Today when I returned to my computer (which I locked with Super+L) and
attempted to unlock it, it displayed my passphrase in cleartext in the
'Password' box. I noticed as soon as I got the first character in, then
typed in the second character and it stayed clear. I then picked up my
phone to record the attached video and while I was fiddling with it to
get a good camera shot, the screen locked (for inactivity perhaps?) and
when I unlocked this time, the password only displayed as dots (as
expected).

So unfortunately, I don't know how to replicate. It _did_ occur though,
as the attached video will show if you go slowly (look for "hu", the
first characters of legendary password "hunter2").

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: xorg 1:7.7+19ubuntu7
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
NonfreeKernelModules: livepatch_livepatch_Ubuntu_4_15_0_20_21_generic_
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
CompositorRunning: None
CurrentDesktop: ubuntu:GNOME
Date: Tue May 22 20:27:51 2018
DistUpgraded: Fresh install
DistroCodename: bionic
DistroVariant: ubuntu
ExtraDebuggingInterest: Yes, if not too technical
GraphicsCard:
 Subsystem: Dell HD Graphics 630 [1028:07a1]
 Advanced Micro Devices, Inc. [AMD/ATI] Oland [Radeon HD 8570 / R7 240/340 OEM] [1002:6611] (rev 87) (prog-if 00 [VGA controller])
   Subsystem: Dell Oland [Radeon HD 8570 / R7 240/340 OEM] [1028:1002]
InstallationDate: Installed on 2018-05-02 (21 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
Lsusb:
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 003: ID 04d9:a0d5 Holtek Semiconductor, Inc. 
 Bus 001 Device 002: ID 046d:c338 Logitech, Inc. 
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. OptiPlex 7050
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-20-generic root=UUID=9d600b65-ce52-4147-aace-2de5ac8c3c34 ro quiet splash
SourcePackage: xorg
Symptom: display
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/30/2018
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.7.9
dmi.board.name: 0NW6H5
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.7.9:bd01/30/2018:svnDellInc.:pnOptiPlex7050:pvr:rvnDellInc.:rn0NW6H5:rvrA00:cvnDellInc.:ct3:cvr:
dmi.product.family: OptiPlex
dmi.product.name: OptiPlex 7050
dmi.sys.vendor: Dell Inc.
version.compiz: compiz N/A
version.libdrm2: libdrm2 2.4.91-2
version.libgl1-mesa-dri: libgl1-mesa-dri 18.0.0~rc5-1ubuntu1
version.libgl1-mesa-glx: libgl1-mesa-glx 18.0.0~rc5-1ubuntu1
version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20171229-1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2

** Affects: gdm3 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gnome-shell (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic ubuntu unlock

** Attachment added: "A shaky video that shows the password echoed in cleartext. Please look frame by frame from 00:04"
   https://bugs.launchpad.net/bugs/1772791/+attachment/5143112/+files/VID_20180522_175648.mp4

** Package changed: xorg (Ubuntu) => gdm3 (Ubuntu)

https://bugs.launchpad.net/bugs/1772791

Title:
  Lock Screen displayed password in clear text on one occasion

Status in gdm3 package in Ubuntu:
  New
Status in gnome-shell package in Ubuntu:
  New

