[Bug 1767918] [NEW] Login password from GDM is shown in plain text on the VT1 console
Launchpad Bug Tracker
1767918 at bugs.launchpad.net
Tue Aug 28 01:53:03 UTC 2018
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
https://gitlab.gnome.org/GNOME/gdm/issues/408
---
I don't know which package this applies to, but I believe the best bet is
GDM.
Steps to reproduce:
1) Log in using X11 login via GDM.
2) Use the desktop for a while. (For some reason I cannot reproduce if I log in and then restart after a short while).
3) In Gnome click System menu -> Power Button -> Restart
4) Quickly press CTRL-ALT-F1
5) I see my login password in plain text in the console. Once I saw the login password repeated twice.
See attached photo with the login password blanked out. Below the
password is the console cursor.
## lsb_release -rd
Description: Ubuntu 18.04 LTS
Release: 18.04
## apt-cache policy gdm3
gdm3:
  Installed: 3.28.0-0ubuntu1
  Candidate: 3.28.0-0ubuntu1
  Version table:
 *** 3.28.0-0ubuntu1 500
        500 http://nz.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gdm3 3.28.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-18.19-generic 4.15.17
Uname: Linux 4.15.0-18-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 30 14:54:07 2018
InstallationDate: Installed on 2018-04-13 (17 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Beta amd64 (20180404)
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: gdm3 (Ubuntu)
     Importance: High
         Status: Confirmed

** Affects: gnome-shell (Ubuntu)
     Importance: High
         Status: Confirmed

** Affects: plymouth (Ubuntu)
     Importance: High
         Status: Confirmed

** Tags: amd64 apport-bug bionic fall-through
--
Login password from GDM is shown in plain text on the VT1 console
https://bugs.launchpad.net/bugs/1767918
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to plymouth in Ubuntu.