2010-09-30 03:03:05 |
komputes |
bug |
|
|
added bug |
2010-09-30 03:03:05 |
komputes |
attachment added |
|
Dependencies.txt https://bugs.edge.launchpad.net/bugs/651734/+attachment/1655894/+files/Dependencies.txt |
|
2010-09-30 03:03:27 |
komputes |
security vulnerability |
no |
yes |
|
2010-09-30 03:20:16 |
komputes |
description |
Binary package hint: policykit-1-gnome
Policykit password dialogs are insecure as they do not keep focus. There are advantages to the way gnome-screensaver and gksudo treat the password prompt. As it blocks out any other input or window, you are less likely to be inputting to another source.
I have experienced many times where I either discovered a password or shared my own because of this flaw in policykit.
Examples of the issue:
-Start an administrative utility which requests a password
-Get the password prompt up
-Either insert a usb disk or if you have touchpad sensitivity (tap to click) **axidentally** click on a nautilus window in the background
-Type the password and it shows up as a file search in the bottom right of the nautilus window
As you can see there are benefits to making sure the password is entered into the password prompt. policykit and many other password prompts do not lock out the screen, meaning the risk is higher that everyone will be able to see your passphrase in cleartext.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: policykit-1-gnome 0.96-2ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Wed Sep 29 22:51:43 2010
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: policykit-1-gnome |
Binary package hint: policykit-1-gnome
Policykit password dialogs are insecure as they do not keep focus. There are advantages to the way gnome-screensaver and gksudo treat the password prompt. As it blocks out any other input or window, you are less likely to be inputting to another source.
I have experienced many times where I either discovered a password or shared my own because of this flaw in policykit.
Examples of the issue:
-Start an administrative utility which requests a password
-Get the password prompt up
-Either insert a usb disk or if you have touchpad sensitivity (tap to click) **accidentally** click on a nautilus window in the background
-Type the password and it shows up as a file search in the bottom right of the nautilus window
As you can see there are benefits to making sure the password is entered into the password prompt. policykit and many other password prompts do not lock out the screen, meaning the risk is higher that everyone will be able to see your passphrase in cleartext.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: policykit-1-gnome 0.96-2ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Wed Sep 29 22:51:43 2010
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: policykit-1-gnome
|
|
2010-10-02 01:38:38 |
Marc Deslauriers |
bug watch added |
|
https://bugzilla.gnome.org/show_bug.cgi?id=596260 |
|
2010-10-02 01:38:38 |
Marc Deslauriers |
bug task added |
|
policykit-1-gnome |
|
2010-10-02 01:38:53 |
Marc Deslauriers |
policykit-1-gnome (Ubuntu): status |
New |
Confirmed |
|
2010-10-02 09:22:11 |
Bug Watch Updater |
policykit-1-gnome: status |
Unknown |
In Progress |
|
2010-10-02 09:22:11 |
Bug Watch Updater |
policykit-1-gnome: importance |
Unknown |
High |
|
2011-07-06 02:21:58 |
komputes |
bug |
|
|
added subscriber Canonical Desktop Experience Team |
2011-07-08 22:05:54 |
Ted Gould |
removed subscriber Canonical Desktop Experience Team |
|
|
|
2013-06-27 12:48:37 |
Jeremy Bícha |
bug |
|
|
added subscriber Jeremy Bicha |
2014-05-08 21:07:45 |
Tim Embler |
bug |
|
|
added subscriber Timothy Embler |
2014-12-18 20:22:30 |
Bug Watch Updater |
policykit-1-gnome: status |
In Progress |
Expired |
|