Saturday, January 25, 2025
HomeCVE/vulnerabilityGNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

Published on

SIEM as a Service

Follow Us on Google News

GNOME desktop manager was equipped with a new feature which allowed remote users to create graphical sessions on the system by configuring the system daemon.

This daemon runs as a dedicated “gnome-remote-desktop” and also provides a D-bus interface on the D-bus system bus. 

These features have been introduced in GNOME remote desktop version 46 along with several other system services.

However, some of the new system services were discovered with some critical security issues in which one of them was associated with System credentials leak and Local Private Key Leak.

Technical Analysis – CVE-2024-5148

Local Private Key Leak

According to the reports shared with Cyber Security News, the Local private key leak exists due to the fact that the system daemon keeps public SSL certificates and respective private keys in /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/certificates location.

The access to this directory is also restricted to and can only be accessed by the service user “gnome-remote-desktop”, mode 0700. However, any local user can intercept the private SSL key via “org.gnome.RemoteDesktop.Rdp.Handover” D-Bus interface. 

Additionally, the private key is also returned from the StartHandover D-Bus function that can also be intercepted.

If a remote desktop client connects to the system daemon, the time window is too long which can be utilized by an attacker to call this method on the created session object.

This leads to an unauthenticated access to the D-bus interface which allows a threat actor to connect to the system daemon without any authentication or required.

Nevertheless, for escalating this vulnerability into a denial of service condition which requires valid RDP credentials. 

System Credentials Leak

If any RDP connection uses shared system credentials, a threat actor with low privileges can gain these credentials in cleartext similar to the previous interception method and call an unauthenticated D-Bus method “GetSystemCredentials()” of the handover interface.

Further, these system credentials can also be used by a threat actor to connect to the GDM via RDP.

However, it does not directly grant a session for a threat actor as there is an authentication present in the display manager that must be performed.

In case if there is an automatic login configured, then the authentication is a piece of cake for the threat actor.

These vulnerabilities have been fixed in the latest release of GNOME remote desktop.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...