Gnome Keyring Daemon Credential Disclosure

The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.


MD5 | dab6a6b67a31a5658f079344def0f19c

gnome-keyring-daemon is vulnerable to local credentials disclosure.


Fortunately the attack can be spun on already compromised machines,
but sadly, in those cases, an attacker can leaverage on
gnome-keyring-daemon to obtain sensible data.

The application store
password of logged users in clear text in the process memory, hence
expose this information (such of login password, passphrase of
ssh-agent, etc.) to an attacker.

In this scenario, he can read those
data instantly without cracking it or install keylogger, sniffer and
variuos tools, but using gnome-keyring-daemon in order to obtain this
informations, that can be extracted from memory using a debugger (such
of "gdb").

At this URL, there is a script (named "memory_dump.sh")
that can be used as PoC:

http://www.lucaercoli.it/

memory_dump.sh:

#!/bin/bash

mkdir $1
cd $1
grep rw-p /proc/$1/maps \
| awk '{print $1}' \
| sed 's/-/ /' \
| while read mem_start mem_end; do gdb --pid $1 --batch-silent -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"; done

Related Posts

Comments