Ubuntu
policykit-1 package

Easy keylogging of user password

Bug #917612 reported by avi9526
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
policykit-1 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

OS: Ubuntu 11.10 amd64 with gnome-classic session.
I've found that most of user authentication programs that used in Ubuntu is pkexec. The problem is that this program do not lock the keyboard (while gksu does).
For example, the program xneur (analog of puntoswitcher) can log keystrokes. And when I turn on this option, I found my password used to authenticate applications in this log (this password can be used to get access to root).

Steps to reproduce
1) XNeur used as keylogger, but version in Ubuntu repository don't work correctly.
I used xneur from repository of it's authors
ppa:andrew-crew-kuznetsov/xneur-stable
Start xneur with command: "gxneur"
2) Enable keylogging:
2.1) Click with second mouse button at xneur icon in system tray to get popup menu and click Preferences
2.2) Go to tab called "log" and check "Enable keyboard logging", then press "OK"
2.3) Logfile is accessible in "$HOME/.xneur/xneurlog.html" (I use firefox to view this log)
3) Launch application that use pkexec:
3.1) "synaptic-pkexec" write Your password, then hit "Enter"
3.2) "gnome-control-center --overview" go to "User accounts" and press "Unlock", write Your password, then hit "Enter"
4) Ckeck out log file "$HOME/.xneur/xneurlog.html". My password is there.

See original description
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Could you please give the steps necessary to reproduce this? Thanks.

security vulnerability: no → yes
Changed in policykit-1 (Ubuntu):
status: New → Incomplete
Revision history for this message
avi9526 (avi9526) wrote :

OS: Ubuntu 11.10 amd64
I used Ubuntu with gnome-classic session.
Steps to reproduce
1) XNeur used as keylogger, but version in Ubuntu repository don't work correctly.
I used xneur from repository of it's authors
ppa:andrew-crew-kuznetsov/xneur-stable
Start xneur with command: "gxneur"
2) Enable keylogging:
2.1) Click with second mouse button at xneur icon in system tray to get popup menu and click Preferences
2.2) Go to tab called "log" and check "Enable keyboard logging", then press "OK"
2.3) Logfile is accessible in "$HOME/.xneur/xneurlog.html" (I use firefox to view this log)
3) Launch application that use pkexec:
3.1) "synaptic-pkexec" write Your password, then hit "Enter"
3.2) "gnome-control-center --overview" go to "User accounts" and press "Unlock", write Your password, then hit "Enter"
4) Ckeck out log file "$HOME/.xneur/xneurlog.html". My password is there.

avi9526 (avi9526)
description: updated
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

The only reason xneur isn't capturing the gksu keyboard is because it's not detecting the window properly.
If you use another key logging application, such as xspy, you can also capture keystrokes that are entered into gksu.

Being able to capture keystrokes is a design limitation of X, and cannot be easily fixed. Hopefully, Wayland will solve this.

Closing this bug as there's no action that can be taken to fix this issue.

Changed in policykit-1 (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.