[Bug 1780506] Re: Password visible in systemd password prompt if user types too slow

Marc Deslauriers marc.deslauriers at canonical.com
Tue Sep 17 09:42:44 UTC 2019 

Hi! Have you reported this issue to the upstream systemd developers?
If not, could you please report it to them so that it can get fixed?

Thanks!

** Changed in: systemd (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1780506

Title:
  Password visible in systemd password prompt if user types too slow

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  When systemd prompts for a password (for example, using systemctl
  without sudo and requiring authentication), it times out if the user
  does not type the password fast enough (after about 30 seconds or so).

  This results in the password becoming visible on the next prompt from
  bash (or whatever shell was being used) as the password is left on
  standard input.

  
  Perhaps this package should consume the input when timing out. Not sure if this is possible, but a security issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: systemd 229-4ubuntu21.2
  ProcVersionSignature: Ubuntu 4.4.0-119.143-generic 4.4.114
  Uname: Linux 4.4.0-119-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Fri Jul  6 17:31:46 2018
  InstallationDate: Installed on 2015-03-06 (1218 days ago)
  InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
  MachineType: Dell Inc. PowerEdge R310
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-119-generic root=/dev/mapper/hostname--vg-root ro
  SourcePackage: systemd
  UpgradeStatus: Upgraded to xenial on 2016-08-26 (679 days ago)
  dmi.bios.date: 03/03/2011
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.6.4
  dmi.board.name: 05XKKK
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A02
  dmi.chassis.type: 23
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvr1.6.4:bd03/03/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA02:cvnDellInc.:ct23:cvr:
  dmi.product.name: PowerEdge R310
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1780506/+subscriptions

More information about the foundations-bugs mailing list