boot cryptsetup passphrase prompt echoes typed characters as stars
Bug #778659 reported by ilf
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
plymouth (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
Binary package hint: plymouth
So bug 566818 is fixed and plymouth no longer causes the cryptsetup passphrase prompt during boot to repeat the prompt with every character typed.
It still echoes an asterisk for every character typed. I consider this a security issue, since this reveals on the screen how many characters the passphrase consists of.
sudo and cryptsetup (and many others) do not echo anything when typing in passphrases. This is a deliberate security feature. plymouth should respect this and also not echo anything after the prompt.
visibility: private → public
security vulnerability: yes → no
Changed in plymouth (Ubuntu):
status: New → Confirmed
description: updated
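The two prompt behaviours contrasted in the description, shown as an added example that is not code from plymouth, cryptsetup or this bug report: a pseudo-terminal stands in for the console, and the function returns what an onlooker would see on screen. The function name `screen_output`, the mode names and the sample passphrase are constructed for this illustration.

```python
import os
import pty
import select
import termios


def screen_output(typed: bytes, mode: str) -> bytes:
    """Return the bytes an onlooker sees while `typed` is entered at a prompt.

    mode "silent": nothing is echoed (the sudo/cryptsetup behaviour).
    mode "stars":  one '*' per keystroke (the behaviour this bug reports).
    """
    if mode not in ("silent", "stars"):
        raise ValueError("mode must be 'silent' or 'stars'")
    master, slave = pty.openpty()          # master = keyboard + screen side
    try:
        attrs = termios.tcgetattr(slave)
        # Turn off kernel echo and line buffering so the prompt sees each key.
        attrs[3] &= ~(termios.ECHO | termios.ECHONL | termios.ICANON)
        attrs[6][termios.VMIN] = 1
        attrs[6][termios.VTIME] = 0
        termios.tcsetattr(slave, termios.TCSANOW, attrs)

        os.write(master, typed + b"\n")    # the user's keystrokes

        secret = bytearray()
        while True:                        # the prompt's read loop
            key = os.read(slave, 1)
            if key in (b"\n", b"\r"):
                break
            secret += key
            if mode == "stars":
                os.write(slave, b"*")      # feedback that reveals the length

        assert bytes(secret) == typed      # the prompt received the passphrase
        shown = b""
        while select.select([master], [], [], 0.2)[0]:
            shown += os.read(master, 1024)
        return shown
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    sample = b"correct horse"              # constructed sample passphrase
    for mode in ("silent", "stars"):
        print(mode, screen_output(sample, mode))
```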
Password length gets written and logged to tty7 on Ubuntu Server 11.04.
This is unacceptable, because everyone with physical access is able to read that.