Score:0

Plaintext login password shows on screen on laptop wake (Lubuntu 18.04)

gb flag

Yesterday, I did a clean install of Lubuntu 18.04 via the 64-bit image here https://cdimage.ubuntu.com/lubuntu/releases/18.04/release/ on an Asus Vivobook E410M. Whenever the lid of the laptop is closed and reopened, for about half a second, the final 10 characters of my password are displayed in the top-left-hand corner of the screen in plaintext.

I'm wondering if anyone has heard of this behaviour, or if this is fixable by changing my screen locker/authentication agent. I previously had Kubuntu 18.04 installed on the laptop and didn't notice this, but it's possible I just wasn't being observant. I'm especially confused as I thought /etc/passwd was encrypted - my password shouldn't be stored in plaintext anywhere on the system.

This is pretty bad for a number of reasons but I'm hoping it is an issue with this specific version of Lubuntu. I'm using Ubuntu 18.04 as I'm developing an application for this specific platform so switching isn't really practical right now.

Thanks to anyone who can help or point me in another direction.

guiverc
FYI: Lubuntu 18.04 LTS is no longer supported; refer to https://lubuntu.me/bionic-eol/ or https://fridge.ubuntu.com/2020/08/14/ubuntu-18-04-5-lts-released/ where you'll note only Ubuntu Server, Ubuntu Desktop & Ubuntu Cloud come with 5 years of support; *flavors* had shorter lives. I'd suggest using `ubuntu-support-status` to assess the security status of your actual install. Your question is still on-topic here, but consider how much security matters to you and the results of the prior command. You're now using Ubuntu 18.04 LTS with LXDE (*not Lubuntu*).
guiverc
As for anyone hearing of this situation; yep. I recall it being discussed or looked at; however, you're talking about details that are now EOL & events from 2018-2019 & I don't recall what they were. Kubuntu 18.04 (also EOL) used `sddm`, which Lubuntu didn't use until 18.10. You are correct in that the plaintext entry of your password exists only in RAM, but you're using old media as no *flavor* of 18.04 produced 18.04.6 media that includes all patches required to boot on fully patched hardware (i.e. to install Lubuntu 18.04 it's clear your system wasn't patched for boothole vulnerabilities).
Terrance
`/etc/passwd` is not encrypted, but your password isn't stored in there either, unless you put it there. No passwords should be stored in the `/etc/passwd` file, but instead in the `/etc/shadow` file where the password is encrypted.
gb flag
@guiverc thanks for the help :)
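
The split between `/etc/passwd` and `/etc/shadow` raised in the comments can be checked directly. The following is an added example, not code from any poster in this thread: it flags `passwd`-format entries whose password field is anything other than the `x` placeholder and reports which crypt scheme each `shadow`-format entry uses. The sample entries, account names and hash strings are constructed for illustration.

```python
# Added example. SAMPLE_* are constructed entries, not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$c2FsdA$ZXhhbXBsZQ:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$c29tZXNhbHQ$ZXhhbXBsZWhhc2g:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two '$' characters.
CRYPT_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

def audit_passwd(text):
    """Map user -> finding for passwd entries whose password field is not 'x'."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[fields[0]] = "malformed entry"
        elif fields[1] == "":
            findings[fields[0]] = "empty password field"
        elif fields[1][0] in "*!":
            findings[fields[0]] = "login disabled, not shadowed"
        elif fields[1] != "x":
            findings[fields[0]] = "hash in world-readable passwd"
    return findings

def shadow_schemes(text):
    """Map user -> hashing scheme (or lock state) from shadow-format text."""
    result = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        user, pw = (line.split(":") + [""])[:2]
        if pw == "":
            result[user] = "no password"
        elif pw[0] in "*!":
            result[user] = "locked"
        elif pw.startswith("$"):
            result[user] = CRYPT_IDS.get(pw.split("$")[1], "unknown") + " crypt"
        else:
            result[user] = "legacy DES or unknown"
    return result
```

On a real install, pass the contents of `/etc/passwd` to `audit_passwd`; reading `/etc/shadow` for `shadow_schemes` requires root.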