Login / switch user passwords visible on screen!

Bug #1784852 reported by Jonathan Kamens
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gdm (Ubuntu)
Confirmed
Undecided
Unassigned
gnome-shell (Ubuntu)
New
Undecided
Unassigned

Bug Description

I suspect many of the details I'm providing in this bug report are irrelevant, but as I don't know exactly what is causing this issue I'm trying to provide more information rather than less.

I recently installed Ubuntu 18.04.1 on two relatively old computers (mentioning their age because the installer may have chosen to configure them differently based on their hardware). Ubuntu was installed on an unencrypted partition next to Windows (Windows 7 on one computers, Windows 10 on the other).

After doing this, I added two additional non-admin users through the Users control panel, in addition to the admin user that was created when Ubuntu was installed.

After doing this, I was regularly using "Switch User" to switch between the various user accounts. Whenever I selected the "Switch User menu command, before the graphical user-switching screen came up, I briefly saw a screen with some kernel messages on it, and BELOW THE KERNEL MESSAGES WERE THE PASSWORDS THAT HAD BEEN USED TO LOG INTO THE VARIOUS ACCOUNTS, visible right there in plaintext.

I am not sure whether these passwords were printed as a result of an initial login, a "Switch User", or both. All I can tell you is that I was able to see other users' passwords briefly whenever I executed the "Switch User" menu command.

I am not able to reproduce this on a third laptop. On this laptop, when I execute "Switch User", the screen goes blank briefly, rather than showing a screen with kernel messages and passwords on it. I wonder if this has something to do with the graphics card or capabilities or something.

I have attached a photo of what I saw before the user-switching screen came up, with the passwords blurred out of course.

Please let me know if there's any other information I can gather to make this report more useful.

Revision history for this message
Jonathan Kamens (jik) wrote :
affects: xorg (Ubuntu) → gdm (Ubuntu)
Revision history for this message
Alex Murray (alexmurray) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1779637, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

information type: Private Security → Public Security
Changed in gdm (Ubuntu):
status: New → Confirmed
Revision history for this message
Alex Murray (alexmurray) wrote :

Ignore comment #2 - I misread bug #1779637 - this bug is distinct from that.

Can you provide any details as to whether you are using the X or the Wayland session?

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1767918, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.