Daniel Blaschke
2008-Apr-21 19:01 UTC
[Secure-testing-team] Bug#477203: cryptsetup: LUKS passphrase sometimes in cleartext
Package: cryptsetup
Version: 2:1.0.6-1
Severity: grave
Tags: security
Justification: user security hole

I have an encrypted /home partition and usplash is installed. Whenever I'm not quick enough entering the LUKS passphrase, usplash times out and in order to continue the boot process I need to switch to tty 8 where I can enter the passphrase.

And here's the security problem: As I type, the passphrase appears as cleartext on the screen...

cheers,
Daniel

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup             2:1.02.24-4  The Linux Kernel Device Mapper use
ii  libc6               2.7-10       GNU C Library: Shared libraries
ii  libdevmapper1.02.1  2:1.02.24-4  The Linux Kernel Device Mapper use
ii  libpopt0            1.10-3       lib for parsing cmdline parameters
ii  libuuid1            1.40.8-2     universally unique id library

cryptsetup recommends no packages.

-- no debconf information