*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Alex Murray (alexmurray):
I suspect many of the details I'm providing in this bug report are
irrelevant, but as I don't know exactly what is causing this issue I'm
trying to provide more information rather than less.
I recently installed Ubuntu 18.04.1 on two relatively old computers
(mentioning their age because the installer may have chosen to configure
them differently based on their hardware). Ubuntu was installed on an
unencrypted partition next to Windows (Windows 7 on one computer,
Windows 10 on the other).
After doing this, I added two additional non-admin users through the
Users control panel, in addition to the admin user that was created when
Ubuntu was installed.
After doing this, I was regularly using "Switch User" to switch between
the various user accounts. Whenever I selected the "Switch User" menu
command, before the graphical user-switching screen came up, I briefly
saw a screen with some kernel messages on it, and BELOW THE KERNEL
MESSAGES WERE THE PASSWORDS THAT HAD BEEN USED TO LOG INTO THE VARIOUS
ACCOUNTS, visible right there in plaintext.
I am not sure whether these passwords were printed as a result of an
initial login, a "Switch User", or both. All I can tell you is that I
was able to see other users' passwords briefly whenever I executed the
"Switch User" menu command.
I am not able to reproduce this on a third laptop. On this laptop, when
I execute "Switch User", the screen goes blank briefly, rather than
showing a screen with kernel messages and passwords on it. I wonder if
this has something to do with the graphics card or capabilities or
something.
I have attached a photo of what I saw before the user-switching screen
came up, with the passwords blurred out of course.
Please let me know if there's any other information I can gather to make
this report more useful.
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
--
Login / switch user passwords visible on screen!
https://bugs.launchpad.net/bugs/1784852
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.