16

So, my computer crashed during the night and when I came to work in the morning I had the following screen on. Consoledump I did not type the password a single time after the crash.

It appears to be related to ecryptfs, but the password is my loginpassword.

So any idea which process could have written my password into the console?

Improve this question
9
  • Is it just your password on that line alone, with nothing else? Commented Jun 15, 2018 at 6:39
  • Just my password nothing else. And I'm quite sure I have not made the usual "accidentally typed my password into the console when not asked" -error. Also checked my bash_history, that it was not there. Commented Jun 15, 2018 at 6:40
  • That's very odd. The answer to the question in the title is yes. It obviously needs to handle the plain password at some point in time. I don't know why it would be written to the console during a crash, though. Were you able to take a crash dump? FWIW, I doubt it's related to ecryptfs. That error just seems to be a generic error due to a corrupt filesystem. The password coming after the ecryptfs lines is likely coincidence. Commented Jun 15, 2018 at 6:42
  • Don't have the coredump anymore. Used the Ubuntu-tool to send it, and read through the plain text parts finding nothing interesting. Anyway to see those infos again? Commented Jun 15, 2018 at 6:45
  • If you deleted it, then probably not without attempting forensic recovery. Commented Jun 15, 2018 at 6:49

1 Answer 1

Reset to default
1

In fact, it can be worst. I just take some check on Ubuntu Crash Reporting and I found this.

Bug reports about crashes which are automatically generated by the Apport system are now private by default. This avoids exposing potentially sensitive data like passwords to the public. Those bug reports are now inspected by a trusted Ubuntu developer before marking it public.

There is no indication which version(s) is/are affected. IMHO, to prevent password leak, you should either upgrade Apport or disabled it.

This issue is documented/highlight under Apport wiki

Apport collects potentially sensitive data, such as core dumps, stack traces, and log files. They can contain passwords, credit card numbers, serial numbers, and other private material.

(update) This issue need further scrutinize, because there are confusion of ecryptfs and login passphrase vs mount passphrase.

Improve this answer
5
  • 3
    But why would apport itself have access to my password? I think the Apport case is for cases where some other process prints or stores the password and it gets included in the dump. Commented Jun 15, 2018 at 8:56
  • 1
    There is no confusion. The password shown on the console is my userpassword which is no way used with my encrypted LVM, and only used the open the Gnome-keyring containing the actual home-directory ecryptfs password Commented Jun 20, 2018 at 12:33
  • @Gjordis than this is obvious Apport issue. Commented Jun 20, 2018 at 12:41
  • 1
    @mootmoot What is being displayed on the screen is a regular kernel oops/panic/whatever, it has nothing to do with Apport. Commented Jun 20, 2018 at 12:52
  • 1
    If some other application (like in this case) logs, prints or caches insecurely some sensitive information, THEN apport is/was in risk of exposing them. But this requires and underlying badly designed software or a glitch. Apport does not handle passwords or password-inputs in any way unless its a part of the dump or log. Commented Jun 20, 2018 at 16:50

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.