** Changed in: unity8 (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/1650818
Title:
Clipboard contents accessible outside user session potentially giving
the attacker root access
Status in unity8 package in Ubuntu:
Confirmed
Bug description:
Device: mako
Channel: rc-proposed
Clipboard contents from the last session are accessible outside user
session potentially giving the attacker root access when having
physical access if the user had his password in it. That way it can
also give the attacker access to user's other account passwords and
other more or less relevant information that can be on the clipboard
at that time.
Context menu with working "Select All" and "Paste" menu items can be
invoked on login screen's "Passphrase" and "Passcode" fields.
Context menu with working "Select All" and "Paste" menu items can be
invoked on "Emergency Calls" number field.
If the user locks the device without manually clearing the clipboard,
contents of his session's clipboard can be accessed outside of his
session by simply executing a "Paste" action on the above mentioned
fields.
Potential attacker could then get the root access if the user had his
root passphrase/passcode stored in the clipboard or just view the
clipboard's contents by executing paste in the "Emergency Call".
This issue is especially impacting the users who use password managers
or store their passwords in a file.
Videos demonstrating the vulnerability in action (too big for the
attachment, sry):
https://youtu.be/fExDXYe3EJs
https://youtu.be/1W8lQWUPwBE
STEPS TO REPRODUCE:
1] Log in to the user session on your device.
2] Focus any textfield.
3] Write your Passcode/Passphrase, select it and copy it.
4] From the System indicator panel click on "Lock" to lock your device or
simply use the lock button.
5] Go to the "Emergency Call" and invoke the context menu on the input
field.
6] Click the "Paste" menu item to view your "Passcode".
7] Go to the login screen and invoke the context menu on the input field.
8] Click the "Paste" menu item to login into your account without ever
writing your password.
9] Go to terminal and paste your password into the modal window's input field
and click "OK".
10] When in terminal, type "sudo -s" and click Enter.
11] When prompted, paste the clipboard contents into terminal and click enter
to get the root access to the device.