pam-gnome-keyring.so reveals user’s password credential in plaintext form
When I perform a memory dump of the session-child process, the user’s login credentials, including user accounts and their passwords, are revealed in plaintext form.
In the ‘pam_sm_authenticate’ function, the user’s password is stored in the heap memory of ‘pam_handle->data’ so that the keyring can be unlocked later.
After unlocking the keyring, the PAM module does not free/overwrite the memory area even though the password is no longer used.
We could thus find the user’s login credentials.
This raises concerns over the credentials being misused for illegal behavior, such as acquiring the user’s session key.
It would be better to clean the heap memory.
The test environment is as follows:
Package: gnome-keyring 3.18.3-0ubuntu2
InstallationMedia: Ubuntu 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228)
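
The cleanup the report asks for, as an added C sketch that is not gnome-keyring's code: a password held on the heap for a later unlock step is overwritten before the buffer is freed, using volatile stores so the compiler cannot optimize the overwrite away. The names `stashed_secret`, `secret_stash`, `secret_wipe` and `secret_release` are hypothetical, and the password string is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a password kept between authentication and unlock. */
struct stashed_secret { char *buf; size_t len; };

/* Overwrite through a volatile pointer so the compiler cannot discard the
 * stores as dead just because the buffer is freed right afterwards. */
void secret_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Copy the password into its own heap buffer; returns 0 on success. */
int secret_stash(struct stashed_secret *s, const char *password)
{
    size_t n = strlen(password);
    s->len = 0;
    s->buf = malloc(n + 1);
    if (s->buf == NULL)
        return -1;
    memcpy(s->buf, password, n + 1);
    s->len = n;
    return 0;
}

/* Call once the keyring is unlocked, and on every error path before that. */
void secret_release(struct stashed_secret *s)
{
    if (s->buf != NULL)
        secret_wipe(s->buf, s->len + 1);   /* include the terminating NUL */
    free(s->buf);                          /* free(NULL) is a no-op */
    s->buf = NULL;
    s->len = 0;
}

int main(void)
{
    struct stashed_secret s;
    if (secret_stash(&s, "constructed-sample-password") != 0)
        return 1;
    secret_release(&s);   /* the unlock step would use s.buf before this */
    printf("released: buf=%p len=%zu\n", (void *)s.buf, s.len);
    return 0;
}
```

On platforms that provide it, `explicit_bzero` serves the same purpose as `secret_wipe`.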