crypt password is printed in plain text
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cryptsetup (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Used Ubuntu version is Ubuntu Server 11.10 64-bit.
It's newly installed, I didn't modify anything on the kernel or initrd or such things. I created the whole disk setup with the Ubuntu Server Installer.
This is my setup: I have 4 HDDs, 3 of them are in a RAID 5. On top of the RAID, there is a cryptsetup layer. Inside of the cryptsetup is an LVM. The fourth HDD includes the encrypted operating system as well as GRUB (unencrypted /boot) and the MBR.
So at startup I am first asked for the password for my ubuntu-HDD (sdd2). A first error is that there are asterisks for every letter I type. That's not really a disastrous bug, but should be fixed too.
But then the real bug occurs: after I entered my crypt password for sdd2_crypt, I am asked for the crypt password for my encrypted RAID. And the whole password is printed in PLAIN TEXT! (see screenshot)
Everything works, I can boot up properly after entering the password, but it really shouldn't be printed in plain text!
If I type in some letters and then delete them with backspace, it looks like this:
Enter passphrase: asdf\fdsa/
security vulnerability: | yes → no |
Indeed it is a security vulnerability. I recently found out that you can view the whole crypt password in tty8 after a successful boot.