** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1650818

Title:
  Clipboard contents accessible outside user session potentially giving the attacker root access

Status in unity8 package in Ubuntu:
  New

Bug description:
  Device: mako
  Channel: rc-proposed

  Clipboard contents from the last session are accessible outside the user session, potentially giving the attacker root access when having physical access if the user had his password in it. That way it can also give the attacker access to the user's other account passwords and other more or less relevant information that can be on the clipboard at that time.

  Context menu with working "Select All" and "Paste" menu items can be invoked on the login screen's "Passphrase" and "Passcode" fields.
  Context menu with working "Select All" and "Paste" menu items can be invoked on the "Emergency Calls" number field.

  If the user locks the device without manually clearing the clipboard, the contents of his session's clipboard can be accessed outside of his session by simply executing a "Paste" action on the above-mentioned fields.

  A potential attacker could then get root access if the user had his root passphrase/passcode stored in the clipboard, or just view the clipboard's contents by executing paste in the "Emergency Call".

  This issue especially impacts users who use password managers or store their passwords in a file.

  Videos demonstrating the vulnerability in action (too big for the attachment, sry):
  https://youtu.be/fExDXYe3EJs
  https://youtu.be/1W8lQWUPwBE

  STEPS TO REPRODUCE:
  1] Log in to the user session on your device.
  2] Focus any text field.
  3] Write your Passcode/Passphrase, select it and copy it.
  4] From the System indicator panel click on "Lock" to lock your device or simply use the lock button.
  5] Go to the "Emergency Call" and invoke the context menu on the input field.
  6] Click the "Paste" menu item to view your "Passcode".
  7] Go to the login screen and invoke the context menu on the input field.
  8] Click the "Paste" menu item to log in to your account without ever writing your password.
  9] Go to terminal and paste your password into the modal window's input field and click "OK".
  10] When in terminal, type "sudo -s" and click Enter.
  11] When prompted, paste the clipboard contents into terminal and click Enter to get root access to the device.