displaying luks-passphrase unencrypted.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
usplash (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: usplash
When i boot, I'm asked for my luks-passphrase, to decrypt my /home-partition.
The password then is displayed as ******..., however, when i enter the pass and go to tty7 via ctrl+alt+f7, i can read the passphrase i just entered!
i consider this a security bug.. I'm currently running 2.6.30-9, but i've noticed this at least since 2.6.28
ProblemType: Bug
Architecture: amd64
Date: Tue Jun 16 09:10:26 2009
DistroRelease: Ubuntu 9.10
MachineType: System manufacturer System Product Name
NonfreeKernelMo
Package: usplash 0.5.31
ProcCmdLine: root=UUID=
ProcEnviron:
LANGUAGE=
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: usplash
Uname: Linux 2.6.30-9-generic x86_64
UsplashConf:
# Usplash configuration file
# These parameters will only apply after running update-initramfs.
xres=1280
yres=1024
dmi.bios.date: 05/19/2009
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 0403
dmi.board.
dmi.board.name: P6T SE
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: System Product Name
dmi.product.
dmi.sys.vendor: System manufacturer
visibility: | private → public |
visibility: | public → private |
security vulnerability: | yes → no |
visibility: | private → public |