Login password from GDM is shown in plain text on the VT1 console
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
plymouth (Ubuntu) |
Fix Released
|
High
|
Mathieu Trudel-Lapierre | ||
Bionic |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
Sessions in specific circumstances when switching to TTY while plymouth is being activated or deactivated.
[Test cases]
Steps to reproduce:
1) Log-in using X11 login via GDM.
2) Use the desktop for a while. (For some reason I cannot reproduce if I login and then restart after a short while).
3) In Gnome click System menu -> Power Button -> Restart
4) Quickly press CTRL-ALT-F1
Validate whether your login password is visible on the TTY.
[Regression Potential]
Possible regressions may include difficulty showing text-mode splash or boot messages given that this changes the state of tty based on plymouth's own activation state.
---
https:/
I don't which package this applies to, but I believe the best bet is GDM.
Steps to reproduce:
1) Log-in using X11 login via GDM.
2) Use the desktop for a while. (For some reason I cannot reproduce if I login and then restart after a short while).
3) In Gnome click System menu -> Power Button -> Restart
4) Quickly press CTRL-ALT-F1
5) I see my login password in plain text in the console. Once I saw the login password repeated twice.
See attached photo with the login password blanked out. Below the password is the console cursor.
## lsb_release -rd
Description: Ubuntu 18.04 LTS
Release: 18.04
## apt-cache policy gdm3
gdm3:
Installed: 3.28.0-0ubuntu1
Candidate: 3.28.0-0ubuntu1
Version table:
*** 3.28.0-0ubuntu1 500
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gdm3 3.28.0-0ubuntu1
ProcVersionSign
Uname: Linux 4.15.0-18-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 30 14:54:07 2018
InstallationDate: Installed on 2018-04-13 (17 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Beta amd64 (20180404)
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
information type: | Private Security → Public Security |
tags: | added: fall-through |
summary: |
- Login password is shown in plain text when shutting down + Login password is shown in plain text on VT1 when shutting down |
Changed in gnome-shell (Ubuntu): | |
importance: | Undecided → High |
Changed in mutter (Ubuntu): | |
importance: | Undecided → High |
Changed in gnome-shell (Ubuntu): | |
status: | New → Confirmed |
Changed in mutter (Ubuntu): | |
status: | New → Confirmed |
summary: |
- Login password is shown in plain text on VT1 when shutting down + Login password from GDM is shown in plain text on the VT1 console |
description: | updated |
tags: | added: rls-cc-incoming |
Changed in plymouth (Ubuntu Bionic): | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: id-5b9148c9206edc248ed09ba2 |
description: | updated |
Changed in plymouth (Ubuntu): | |
assignee: | Canonical Foundations Team (canonical-foundations) → Mathieu Trudel-Lapierre (cyphermox) |
Changed in gdm3 (Ubuntu Bionic): | |
status: | Confirmed → Invalid |
Sounds like another case of keyboard input passing through the login screen to the VT below.