[Bug 928465] [NEW] Password used for unlocking LUKS encrypted volume is visible when booting just with the 'quiet' option

Alex Moldovan alex.moldovan at canonical.com
Tue Feb 7 20:38:34 UTC 2012 

Public bug reported:

I'm using a LUKS encrypted partition and I removed the splash option in /etc/default/grub as in:
GRUB_CMDLINE_LINUX_DEFAULT="quiet"

When prompted to type the password during the boot sequence to unlock
the partition the password is displayed as I type it. It is not hidden
as in "********". (screenshot#1). I press enter after typing and the the
password is displayed in clear text and hidden with "******" below.
(screenshot#2) When I shutdown the computer, as the shutdown messages
are being displayed the password is still visible on the screen
(screenshot#3). When using "quiet splash" this doesn't happen, the
password being hidden. (screenshot#4). This is a potentially security
issue because the password is visible on the screen.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cryptsetup 2:1.1.3-4ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-14.23-generic 3.2.3
Uname: Linux 3.2.0-14-generic x86_64
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
Date: Tue Feb  7 15:28:17 2012
ProcEnviron:
 LANGUAGE=en_CA:en
 PATH=(custom, no user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab:
 # <target name>	<source device>		<key file>	<options>
 encryptedhome	/dev/disk/by-uuid/9b77e683-3802-4990-8f83-211199c2a0ac         none         luks

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/928465

Title:
  Password used for unlocking LUKS encrypted volume is visible when
  booting just with the 'quiet' option

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  I'm using a LUKS encrypted partition and I removed the splash option in /etc/default/grub as in:
  GRUB_CMDLINE_LINUX_DEFAULT="quiet"

  When prompted to type the password during the boot sequence to unlock
  the partition the password is displayed as I type it. It is not hidden
  as in "********". (screenshot#1). I press enter after typing and the
  the password is displayed in clear text and hidden with "******"
  below. (screenshot#2) When I shutdown the computer, as the shutdown
  messages are being displayed the password is still visible on the
  screen (screenshot#3). When using "quiet splash" this doesn't happen,
  the password being hidden. (screenshot#4). This is a potentially
  security issue because the password is visible on the screen.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: cryptsetup 2:1.1.3-4ubuntu3
  ProcVersionSignature: Ubuntu 3.2.0-14.23-generic 3.2.3
  Uname: Linux 3.2.0-14-generic x86_64
  ApportVersion: 1.91-0ubuntu1
  Architecture: amd64
  Date: Tue Feb  7 15:28:17 2012
  ProcEnviron:
   LANGUAGE=en_CA:en
   PATH=(custom, no user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)
  crypttab:
   # <target name>	<source device>		<key file>	<options>
   encryptedhome	/dev/disk/by-uuid/9b77e683-3802-4990-8f83-211199c2a0ac         none         luks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/928465/+subscriptions

More information about the foundations-bugs mailing list