New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 592846 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Enterprise Enrollment

Reported by cameronb...@gmail.com, Mar 8 2016

Issue description



VULNERABILITY DETAILS
This issue has to do with Google's Enterprise Enrollment feature for the chromebook.
I have figured out a way to escape from the reaches of the Enterprise Enrollment, temporarily. I am not disclosing how you would go about doing this yet, though, but I will tell you possibilities of this happening.
The Enterprise Enrollment feature is mainly used for students with Chromebooks. If a student who has a chromebook gets off of the Enterprise Enrollment system, even temporarily, they can basically get off of it permanently. By exploiting this bug, a user is able to get into developer mode, even if blocked by the device manager, and log on without having to sign into the Enterprise Enrollment. From this clean and open logon, a student can do many things in the console to change around the chromebook or even get off of the Enterprise Enrollment system permanently for the device. If the student powers off the device and turns it on with it still in its temporary bypass, it will still be clean. But, if the student resets the device via power wash or system restore, they will be back on the Enterprise Enrollment system. This bug is exploited only with features on the chromebook, and only a chromebook is needed. No external software required.

VERSION
Current Chrome Version: [48.0.2564.116] + [stable], though this works with any
Operating System: [Chrome OS]

REPRODUCTION CASE
You can easily exploit the bug and escape the Enterprise Enrollment in 15 minutes or even less! I will not disclose how to exploit this bug yet though.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Does not crash.

 
Cc: jialiul@chromium.org
Components: Enterprise
Labels: Needs-Feedback
Thanks for reporting, cameronbanff!
Could you provide us the procedure to re-produce this bypass? 
Also + enterprise component label for triaging. 


Comment 2 by mea...@chromium.org, Mar 15 2016

Status: WontFix (was: Unconfirmed)
cameronbanff: Closing this report since we haven't heard from you, but if you have any details please add it to this thread and we can reopen the bug.
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 22 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment