← Back to team overview

dx-packages team mailing list archive

[Bug 1358504] [NEW] Screensaver leaks password key-presses through to applications

 

*** This bug is a security vulnerability ***

Public security bug reported:

This is similar to the bug described in:

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1306970

But as that is marked fixed, perhaps this is something different.

A few times, I have been unable to enter my password until I had clicked in the top right corner, and back into the password box.
I hadn't suspected anything serious, until today when I tried to log in, and eventually got in, seeing that my password had been set to my web browser.

In addition, I've also had instances where I've had to enter the
password twice, and instances when I've come to the computer and it
appeared not to be locked, until I moved the mouse, and the lock screen
displayed.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unity 7.2.2+14.04.20140714-0ubuntu1.1
ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4
Uname: Linux 3.13.0-34-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CurrentDesktop: Unity
Date: Mon Aug 18 22:21:21 2014
InstallationDate: Installed on 2014-08-14 (3 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: unity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1358504

Title:
  Screensaver leaks password key-presses through to applications

Status in “unity” package in Ubuntu:
  New

Bug description:
  This is similar to the bug described in:

  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1306970

  But as that is marked fixed, perhaps this is something different.

  A few times, I have been unable to enter my password until I had clicked in the top right corner, and back into the password box.
  I hadn't suspected anything serious, until today when I tried to log in, and eventually got in, seeing that my password had been set to my web browser.

  In addition, I've also had instances where I've had to enter the
  password twice, and instances when I've come to the computer and it
  appeared not to be locked, until I moved the mouse, and the lock
  screen displayed.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: unity 7.2.2+14.04.20140714-0ubuntu1.1
  ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4
  Uname: Linux 3.13.0-34-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.3
  Architecture: amd64
  CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
  CurrentDesktop: Unity
  Date: Mon Aug 18 22:21:21 2014
  InstallationDate: Installed on 2014-08-14 (3 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: unity
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1358504/+subscriptions


Follow ups

References