nocomment's Journal: sudo stores password in plaintext
OK I'll admit it. I was bored. I was just tinkering around with various
That's when I came across a few interesting things (namely xchat leaves all kinds of stuff in memory for days after you last logged on).
But most scary was this command 'strings
bryan
-my password was here-
sudo su -
-my password was here again-
It appears to be me logging in to either the console or gdm, and then running sudo su - and typing my password.
It even stores the password when auth fails (Score:2, Interesting)
My attempts on two machines (Score:2)
Re: (Score:3, Interesting)
$ su root
$ password:
# cat /dev/mem | strings | grep MY_PASSWORD
doesn't work as a non-privileged user, though