Ubuntu
gdm package

Login / switch user passwords visible on screen!

Bug #1784852 reported by Jonathan Kamens on 2018-08-01

This bug report is a duplicate of: Bug #1767918: Login password from GDM is shown in plain text on the VT1 console. Edit Remove

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gdm (Ubuntu)	Confirmed	Undecided	Unassigned
	gnome-shell (Ubuntu)	New	Undecided	Unassigned

Bug Description

I suspect many of the details I'm providing in this bug report are irrelevant, but as I don't know exactly what is causing this issue I'm trying to provide more information rather than less.

I recently installed Ubuntu 18.04.1 on two relatively old computers (mentioning their age because the installer may have chosen to configure them differently based on their hardware). Ubuntu was installed on an unencrypted partition next to Windows (Windows 7 on one computers, Windows 10 on the other).

After doing this, I added two additional non-admin users through the Users control panel, in addition to the admin user that was created when Ubuntu was installed.

After doing this, I was regularly using "Switch User" to switch between the various user accounts. Whenever I selected the "Switch User menu command, before the graphical user-switching screen came up, I briefly saw a screen with some kernel messages on it, and BELOW THE KERNEL MESSAGES WERE THE PASSWORDS THAT HAD BEEN USED TO LOG INTO THE VARIOUS ACCOUNTS, visible right there in plaintext.

I am not sure whether these passwords were printed as a result of an initial login, a "Switch User", or both. All I can tell you is that I was able to see other users' passwords briefly whenever I executed the "Switch User" menu command.

I am not able to reproduce this on a third laptop. On this laptop, when I execute "Switch User", the screen goes blank briefly, rather than showing a screen with kernel messages and passwords on it. I wonder if this has something to do with the graphics card or capabilities or something.

I have attached a photo of what I saw before the user-switching screen came up, with the passwords blurred out of course.

Please let me know if there's any other information I can gather to make this report more useful.

Revision history for this message

Jonathan Kamens (jik) wrote on 2018-08-01:

MVIMG_20180729_234839.jpg Edit (3.6 MiB, image/jpeg)

affects:

xorg (Ubuntu) → gdm (Ubuntu)

Revision history for this message

Alex Murray (alexmurray) wrote on 2018-08-01:

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1779637, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

information type:	Private Security → Public Security
Changed in gdm (Ubuntu):
status:	New → Confirmed

Revision history for this message

Alex Murray (alexmurray) wrote on 2018-08-02:

Ignore comment #2 - I misread bug #1779637 - this bug is distinct from that.

Can you provide any details as to whether you are using the X or the Wayland session?

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2018-08-02:

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1767918, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.