crypttab LUKS password shown in cleartext

Bug #877403 reported by Johannes Bauer
This bug affects 4 people
Affects: upstart (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

After updating to 11.10, I was shocked to see that passwords that are used for LUKS disk encryption are now shown in cleartext while entering them. I am not using the (incredibly stupid/ugly, BTW) splash screen, but regular startup. It does not matter whether framebuffer is enabled or not. When the point comes where I should enter my password, I see the

Enter passphrase:

prompt. When I enter my password there, it appears in clear text! This means I see

Enter passphrase: mypassubuntufuckedup1234

Only when I press enter do I see the passphrase in asterisks, i.e.

Enter passphrase: mypassubuntufuckedup1234
Enter passphrase: ************************

This is - as you can imagine - not very helpful (since the password is already there in clear text).

I have this problem on one system which I upgraded from Natty and on one fresh install that I just did.
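Added example, not part of the original report and not code from upstart or cryptsetup: assuming the cleartext described above comes from the tty's ECHO flag still being set while the passphrase is typed, this Python example uses a pseudo-terminal to show what reaches the display with and without ECHO. The names `echo_enabled`, `no_echo` and `console_view` and the sample passphrase are constructed for illustration.

```python
import contextlib
import os
import pty
import select
import termios

LFLAG = 3  # index of c_lflag in the list returned by termios.tcgetattr()

def echo_enabled(fd: int) -> bool:
    """True if the tty will echo typed characters back to the display."""
    return bool(termios.tcgetattr(fd)[LFLAG] & termios.ECHO)

@contextlib.contextmanager
def no_echo(fd: int):
    """Clear ECHO for the duration of a prompt and always restore the old state."""
    saved = termios.tcgetattr(fd)
    attrs = termios.tcgetattr(fd)
    attrs[LFLAG] &= ~(termios.ECHO | termios.ECHONL)
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    try:
        yield
    finally:
        termios.tcsetattr(fd, termios.TCSANOW, saved)

def console_view(hide_input: bool, typed: bytes = b"constructed-passphrase\n"):
    """Type `typed` (must end in a newline) into a pty.

    Returns (line the prompt read, bytes the display side received)."""
    master, slave = pty.openpty()  # master: keyboard/screen, slave: the prompt's tty
    try:
        guard = no_echo(slave) if hide_input else contextlib.nullcontext()
        with guard:
            os.write(master, typed)      # the user types the passphrase
            line = os.read(slave, 1024)  # the prompt reads one canonical line
        shown = b""
        # Collect whatever the line discipline echoed back to the screen.
        while select.select([master], [], [], 0.2)[0]:
            shown += os.read(master, 1024)
        return line, shown
    finally:
        os.close(master)
        os.close(slave)

if __name__ == "__main__":
    for hide in (False, True):
        line, shown = console_view(hide)
        print(f"hide_input={hide}: prompt read {line!r}, screen got {shown!r}")
```

In both cases the prompt receives the same line; only the echoed copy on the display side differs, which is why checking `echo_enabled()` before prompting catches the condition.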

Dave Gilbert (ubuntu-treblig) wrote :

Hi Johannes,
  Just for clarification, can you explain:
   1) Are you using full disk LUKS, or just one partition?
   2) How did you set it up - did you manually edit crypttab or the like?
   3) How did you disable the gui splash

Dave
(P.S. Please try and avoid swear words in bug reports; even when it is frustratingly broken; I don't mind them, some people do).

Johannes Bauer (jb-imm) wrote :

Hi Dave,

1) Just one partition, my home
2) I manually edited crypttab:
crypthome UUID=foo-bar-bar-foo none luks

3) I edited /etc/grub/default/grub and changed

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to

GRUB_CMDLINE_LINUX_DEFAULT="gfxpayload=text"

also uncommented (but that shouldn't matter)

GRUB_TERMINAL=console

Then reran update-grub. This gives me nice text-only no-framebuffer bootup.

About the swearing: You are of course correct, I will avoid that in the future. One should not write bug reports when annoyed, I guess. My apologies.

Best regards,
Joe

Dave Gilbert (ubuntu-treblig) wrote :

Medium: Because of security implication but for a small number of users

tags: added: regression-release
Changed in upstart (Ubuntu):
importance: Undecided → Medium
security vulnerability: no → yes
Changed in upstart (Ubuntu):
status: New → Triaged
Karsten Stieg (78luphr0rnk2nuqimstywepozxn9kl19tqh0tx66b5dki1xx-launchpad-a811i2i3ytqlsztthjth0svbccw8inm65tmkqp9sarr553jq) wrote :

I can confirm this bug.

I have a crypted root-partition, where everything is fine (* for each key pressed, no clear text shown), but with my crypted data-raid-partition it's the same as mentioned above.

Since it's a data-partition and not needed for boot-up, I set noauto in fstab, took it out of crypttab, created a startscript 'init.d/cryptmount' and did an 'update-rc.d -f cryptmount defaults 99' with it. Voilà, didn't solve the problem but have a workaround, password is not shown anymore. Works for now.

Best regards,
Karsten

This report contains Public Security information  
Everyone can see this security related information.
