Bug 892382 - (CVE-2012-6655) VUL-1: CVE-2012-6655: accountsservice: local encrypted password disclosure when changing password
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other openSUSE 13.1
: P4 - Low : Minor
Assigned To: Yifan Jiang
Security Team bot
Reported: 2014-08-18 16:20 UTC by Alexander Bergmann
Modified: 2020-06-04 13:05 UTC (History)
Found By: Security Response Team
Description Alexander Bergmann 2014-08-18 16:20:02 UTC
Via bugs.freedesktop.org:

Calling SetPassword() on the AccountsService results in a crypted password included on the command line. This seems to me to be a minor security hole. It is the equivalent of having /etc/shadow readable by non-root users (albeit only for those who change their password via the AccountsService).

Any other local user can (in a default Linux configuration) see the command lines of any other process on the system.

The relevant code is in src/user.c in the user_change_password_authorized_cb() function:

        argv[0] = "/usr/sbin/usermod";
        argv[1] = "-p";
        argv[2] = strings[0];
        argv[3] = "--";
        argv[4] = user->user_name;
        argv[5] = NULL;

strings[0] has been set to the crypted password in user_set_password(). The crypted password has been passed from the client (i.e. gnome-control-center).

CVE-2012-6655 was assigned to this issue.
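
An added example, not from the bug report or the accountsservice source: a C check for the exposure described above, which starts a child and reports whether a given value appears among its arguments in /proc/<pid>/cmdline. /bin/sh stands in for usermod and chpasswd, the hash and the user name alice are constructed, and feeding the hash to `chpasswd -e` on stdin is an assumed alternative for comparison, not upstream's fix.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[] with `input` on stdin. Returns 1 if `secret` is an argument shown
 * in /proc/<pid>/cmdline while the child runs, 0 if not, -1 if unobservable. */
static int secret_in_cmdline(char *const argv[], const char *input, const char *secret) {
    int in[2], found = -1;
    char path[64], buf[4096];
    if (pipe(in) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: stdin is the read end of the pipe */
        dup2(in[0], STDIN_FILENO); close(in[0]); close(in[1]);
        execv(argv[0], argv);
        _exit(127);
    }
    close(in[0]);
    snprintf(path, sizeof path, "/proc/%d/cmdline", (int)pid);
    for (int tries = 0; tries < 2000 && found < 0; tries++) {
        FILE *f = fopen(path, "r");
        size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
        if (f) fclose(f);
        buf[n] = '\0';
        if (n == 0 || strcmp(buf, argv[0]) != 0) { poll(NULL, 0, 1); continue; } /* exec pending */
        found = 0;                  /* arguments are NUL-separated */
        for (char *p = buf; p < buf + n; p += strlen(p) + 1)
            if (strcmp(p, secret) == 0) found = 1;
    }
    if (found >= 0 && write(in[1], input, strlen(input)) < 0) perror("write");
    close(in[1]); waitpid(pid, NULL, 0);   /* EOF on stdin lets the child exit */
    return found;
}

/* Constructed sample, not a real hash. /bin/sh blocked on stdin stands in for
 * usermod and chpasswd (assumption): no root needed, no account is changed. */
static char HASH[] = "$6$constructedsalt$CONSTRUCTEDHASH";
static int hash_in_argv(void) {    /* shape of the user.c call: hash after -p */
    char *av[] = {"/bin/sh", "-c", "read l", "usermod", "-p", HASH, "--", "alice", NULL};
    return secret_in_cmdline(av, "", HASH);
}
static int hash_on_stdin(void) {   /* shape of `chpasswd -e`: "user:hash" on stdin */
    char *av[] = {"/bin/sh", "-c", "read l", "chpasswd", "-e", NULL}, line[128];
    snprintf(line, sizeof line, "alice:%s\n", HASH);
    return secret_in_cmdline(av, line, HASH);
}

int main(void) { printf("argv: %d  stdin: %d\n", hash_in_argv(), hash_on_stdin()); return 0; }
```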

Comment 1 Alexander Bergmann 2014-08-18 16:25:55 UTC
This needs to be fixed for openSUSE 12.3 and 13.1. (+SLE-12)
Comment 2 Swamp Workflow Management 2014-08-18 22:00:26 UTC
bugbot adjusting priority
Comment 4 Dominique Leuenberger 2016-08-05 07:34:30 UTC
Passing on to Frederic - maybe you find somebody to actually dig into this (it's likely still an issue in SLE12?!)
Comment 5 Felix Zhang 2017-07-25 03:58:29 UTC
The bug is not fixed by upstream yet. So probably still an issue in TW too.