Clipboard contents accessible outside user session potentially giving the attacker root access
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
unity8 (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Device: mako
Channel: rc-proposed
Clipboard contents from the last session are accessible outside the user session, potentially giving an attacker with physical access root access if the user had his password in the clipboard. It can also give the attacker access to the user's other account passwords and any other more or less relevant information that was on the clipboard at that time.
Context menu with working "Select All" and "Paste" menu items can be invoked on login screen's "Passphrase" and "Passcode" fields.
Context menu with working "Select All" and "Paste" menu items can be invoked on "Emergency Calls" number field.
If the user locks the device without manually clearing the clipboard, the contents of his session's clipboard can be accessed outside of his session by simply executing a "Paste" action on the above-mentioned fields.
A potential attacker could then gain root access if the user had his root passphrase/passcode stored in the clipboard, or just view the clipboard's contents by executing paste in the "Emergency Call" field.
This issue especially impacts users who use password managers or store their passwords in a file.
Videos demonstrating the vulnerability in action (too big for the attachment, sorry):
STEPS TO REPRODUCE:
1] Log in to the user session on your device.
2] Focus any text field.
3] Write your Passcode/
4] From the System indicator panel click on "Lock" to lock your device or simply use the lock button.
5] Go to the "Emergency Call" and invoke the context menu onto the input field.
6] Click the "Paste" menu item to view your "Passcode".
7] Go to the login screen and invoke the context menu onto the input field.
8] Click the "Paste" menu item to log in to your account without ever typing your password.
9] Go to the terminal and paste your password into the modal window's input field and click "OK".
10] When in the terminal, type "sudo -s" and press Enter.
11] When prompted, paste the clipboard contents into the terminal and press Enter to get root access to the device.
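The mitigation this report calls for, as an added example that is not part of the bug report or of unity8's own code: on lock, the shared clipboard is moved into session-private storage and cleared, it is restored on a successful unlock, and input fields refuse paste while the session is locked. All class and function names are hypothetical; the sample clipboard value is constructed.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Clipboard:
    """Stand-in for the system-wide clipboard shared by greeter and session."""
    text: str = ""


@dataclass
class Session:
    clipboard: Clipboard
    passphrase: str                      # hypothetical: stored verifier
    locked: bool = False
    _stash: str = field(default="", repr=False)  # session-private copy

    def lock(self) -> None:
        # Move the contents out of the shared clipboard so nothing remains
        # pasteable from the greeter or the emergency-call screen.
        self._stash = self.clipboard.text
        self.clipboard.text = ""
        self.locked = True

    def unlock(self, attempt: str) -> bool:
        # Constant-time comparison; wrong attempts leave everything locked.
        if not hmac.compare_digest(attempt.encode(), self.passphrase.encode()):
            return False
        self.locked = False
        self.clipboard.text = self._stash  # give the user their clipboard back
        self._stash = ""
        return True


class InputField:
    """Text field; paste is honoured only inside an unlocked session."""

    def __init__(self, session: Session) -> None:
        self.session = session
        self.value = ""

    def paste(self) -> bool:
        if self.session.locked:
            return False          # greeter / emergency-call fields: no paste
        self.value += self.session.clipboard.text
        return True
```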
description: updated
information type: Private Security → Public Security
Changed in unity8 (Ubuntu):
status: New → Confirmed