*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: plymouth
So #566818 is fixed and plymouth no longer causes the cryptsetup
passphrase prompt during boot to repeat the prompt with every character
typed.
It still echoes an asterisk for every character typed. I consider this a
security issue, since this reveals on the screen how many characters the
passphrase consists of.
sudo and cryptsetup (and many others) do not echo anything when typing
in passphrases. This is a deliberate security feature. plymouth should
respect this and also not echo enything after the prompt.
** Affects: plymouth (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/778659
Title:
boot cryptsetup passphrase prompt echoes typed characters as stars
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
