pam-gnome-keyring.so reveals user’s password credential as a plaintext form
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-keyring (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When I perform memory dump of session-child process, user’s login credential, including user accounts and their password, is revealed as a plaintext form.
In ‘pam_sm_
After unlocking the keyring, the pam module does not free/overwrite the memory area though the password is no longer used.
We thus could find user’s login credentials.
This raises concerns over the credential being misused for illegal behavior, such as acquiring user’s session key.
It would be better to clean the heap memory.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gnome-keyring 3.18.3-0ubuntu2
ProcVersionSign
Uname: Linux 4.13.0-36-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
CurrentDesktop: Unity
Date: Wed May 23 22:53:12 2018
InstallationDate: Installed on 2018-04-20 (32 days ago)
InstallationMedia: Ubuntu 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228)
SourcePackage: gnome-keyring
UpgradeStatus: No upgrade log present (probably fresh install)
upstart.
CVE References
information type: | Private Security → Public Security |
Changed in gnome-keyring (Ubuntu): | |
status: | New → Fix Released |
Changed in gnome-keyring (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in gnome-keyring (Ubuntu Xenial): | |
status: | New → Confirmed |
Hi!
Thanks for reporting this issue. Could you please file it with the upstream project here:
https:/ /gitlab. gnome.org/ GNOME/gnome- keyring/ issues
Once you've done that, please add a link to the bug here.
Thanks!