crypttab LUKS password shown in cleartext
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
upstart (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
After updating to 11.10, I was shocked to see that passwords that are used for LUKS disk encryption are now shown in cleartext while entrering them. I am not using the (incredibly stupid/ugly, BTW) splash screen, but regular startup. It does not matter wheter framebuffer is enabled or not. When the point comes where I should enter my password, I see the
Enter passphrase:
prompt. When I enter my password there, it appears in clear text! This means I see
Enter passphrase: mypassubuntufuc
Only when I press enter do I see the passphrase in asterisks, i.e.
Enter passphrase: mypassubuntufuc
Enter passphrase: *******
This is - as you can image - not very helpful (since the password is already there in clear text).
I have this problem on one system which I upgraded from Natty and one one fresh install that I just did.
security vulnerability: | no → yes |
Changed in upstart (Ubuntu): | |
status: | New → Triaged |
Hi Johannes,
Just for clarification, can you explain:
1) Are you using full disk LUKS, or just one partition
2) How did you set it up - did you manually edit cryptab or the like?
3) How did you disable the gui splash
Dave
(P.S. Please try and avoid swear words in bug reports; even when it is frustratingly broken; I don't mind them, some people do).