← Back to team overview

ecryptfs team mailing list archive

[Bug 305882] Re: ecryptfs private wrapped passphrase with wrong password during password change

 

victim@stupid:~$ ecryptfs-unwrap-passphrase ./.ecryptfs/wrapped-passphrase 
Passphrase: password
Warning: Using default salt value (undefined in ~/.ecryptfsrc)
(passphrase)victim@stupid:~$ passwd
Changing password for victim.
(current) UNIX password: password
Enter new UNIX password: a
Retype new UNIX password: a
You must choose a longer password
Enter new UNIX password: a
Retype new UNIX password: a
You must choose a longer password
Enter new UNIX password: a
Retype new UNIX password: a
You must choose a longer password
passwd: password updated successfully
victim@stupid:~$ ecryptfs-unwrap-passphrase ./.ecryptfs/wrapped-passphrase 
Passphrase: password
Warning: Using default salt value (undefined in ~/.ecryptfsrc)
Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs
victim@stupid:~$ ecryptfs-unwrap-passphrase ./.ecryptfs/wrapped-passphrase 
Passphrase: a
Warning: Using default salt value (undefined in ~/.ecryptfsrc)
(passphrase)victim@stupid:~$ su victim
Password: a
su: Authentication failure
victim@stupid:~$ su victim
Password: password
victim@stupid:~$

-- 
ecryptfs private wrapped passphrase with wrong password during password change
https://bugs.launchpad.net/bugs/305882
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Incomplete
Status in “pam” source package in Ubuntu: New

Bug description:
Binary package hint: ecryptfs-utils

To reproduce:

1. On command line, attempt to change your password to a weak password (like "yes").
2. Actually change your password to a strong password.

I found that ecryptfs wrapped the passphrase in the weak password instead of the final password I chose.

Description:	Ubuntu 8.10
Release:	8.10

ecryptfs-utils:
  Installed: 53-1ubuntu12
  Candidate: 53-1ubuntu12
  Version table:
 *** 53-1ubuntu12 0
        500 http://mirrors.us.kernel.org intrepid-updates/main Packages
        100 /var/lib/dpkg/status
     53-1ubuntu11 0
        500 http://mirrors.us.kernel.org intrepid/main Packages



Follow ups

References