*** This bug is a security vulnerability ***

Public security bug reported:

If you have a "%" character in your password, you cannot unlock any
application.

/var/log/auth.log shows:

Mar 22 01:33:30 lorbas-laptop polkit-grant-helper-pam[7252]: pam_unix(polkit:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=lorbas rhost=  user=lorbas
Mar 22 01:33:39 lorbas-laptop polkit-grant-helper-pam[7260]: pam_unix(polkit:auth): conversation failed
Mar 22 01:33:39 lorbas-laptop polkit-grant-helper-pam[7260]: pam_unix(polkit:auth): auth could not identify password for [lorbas]


I checked "security vulnerability" because I think that the % character might
trigger an evaluation of %s, like in sprintf, for example.

** Affects: policykit (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
policykit or policykit-gome do not work with passwords containing "%" character
https://bugs.launchpad.net/bugs/205037
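
The class of bug the reporter suspects, as an added example (not PolicyKit code; the report does not establish the actual cause). The function names and the sample password are constructed for illustration: a secret used as a printf-style format string is altered on the way through, while the same secret passed as a "%s" argument arrives intact.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample secret. "%%" is the one conversion that consumes no
   argument, so using it as a format string is still well-defined C. */
static const char SAMPLE_PASSWORD[] = "tr0ub%%dor";

/* The warning is silenced only so this deliberately wrong call builds under
   -Werror=format-security; in real code that warning is the detection. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
/* Wrong: the secret is the format string. "%%" collapses to "%"; "%s", "%x"
   or "%n" would use arguments that were never passed (undefined behaviour).
   Returns 0 on success, -1 on truncation or error. */
static int copy_secret_as_format(char *out, size_t n, const char *secret)
{
    int r = snprintf(out, n, secret);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}
#pragma GCC diagnostic pop

/* Right: constant format string, secret passed as data. */
static int copy_secret_as_data(char *out, size_t n, const char *secret)
{
    int r = snprintf(out, n, "%s", secret);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* Hypothetical stand-in for the backend check: returns 1 if the copy that
   arrived is byte-for-byte what the user typed, 0 otherwise. */
static int secret_survives(int (*copy)(char *, size_t, const char *),
                           const char *typed)
{
    char received[64];
    if (copy(received, sizeof received, typed) != 0)
        return 0;
    return strcmp(received, typed) == 0;
}

int main(void)
{
    printf("as format: %s\n",
           secret_survives(copy_secret_as_format, SAMPLE_PASSWORD) ? "intact" : "altered");
    printf("as data:   %s\n",
           secret_survives(copy_secret_as_data, SAMPLE_PASSWORD) ? "intact" : "altered");
    return 0;
}
```

A password without "%" passes through both paths unchanged, which is why a defect of this kind only shows up for some users.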