Password visible in systemd password prompt if user types too slow

Bug #1780506 reported by Jack Rosenthal on 2018-07-06
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Undecided
Unassigned

Bug Description

When systemd prompts for a password (for example, using systemctl without sudo and requiring authentication), it times out if the user does not type the password fast enough (after about 30 seconds or so).

This results in the password becoming visible on the next prompt from bash (or whatever shell was being used) as the password is left on standard input.

Perhaps this package should consume the input when timing out. Not sure if this is possible, but a security issue.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: systemd 229-4ubuntu21.2
ProcVersionSignature: Ubuntu 4.4.0-119.143-generic 4.4.114
Uname: Linux 4.4.0-119-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Fri Jul 6 17:31:46 2018
InstallationDate: Installed on 2015-03-06 (1218 days ago)
InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
MachineType: Dell Inc. PowerEdge R310
ProcEnviron:
 TERM=rxvt-unicode-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-119-generic root=/dev/mapper/hostname--vg-root ro
SourcePackage: systemd
UpgradeStatus: Upgraded to xenial on 2016-08-26 (679 days ago)
dmi.bios.date: 03/03/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.6.4
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A02
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.6.4:bd03/03/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA02:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Jack Rosenthal (jrosenth) wrote :
information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

Nice find. When I tested this, it also left the terminal echo off:

sarnold@hunt:/etc/apparmor.d$ systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: Seth Arnold,,, (sarnold)
Password: Failed to reload daemon: Method call timed out
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
sarnold@hunt:/etc/apparmor.d$ STRENGEHEIM: command not found
...

Thanks

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers