
Issue 645732


Issue metadata

Status: Duplicate
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 0
Type: Bug-Security

Blocked on:
issue 436305




Security: Forced Enrollment Bypass on Chromebook

Reported by gwampydw...@gmail.com, Sep 10 2016

Issue description

VULNERABILITY DETAILS
Using a USB loaded with Chrome Version R36, a person can go into developer mode and avoid the mandatory device enrollment for devices under enterprise management.

VERSION
Operating System: [Chrome OS, 53.0.2785.103 Stable] Asus Chromebook c200

REPRODUCTION CASE
Workaround instructions:
1. Preload a USB flash drive or SD card with Chrome OS version R36.
2. In Chrome OS, press the keys [esc]+[refresh]+[power] to bring the chromebook into the "Chrome OS is missing or damaged" screen.
3. Insert the recovery media (with version R36) into the corresponding slot and wait for the chromebook to finish 'recovering' the OS. The chromebook will then reboot.
4. As soon as the starting screensaver appears, press [esc]+[refresh]+[power] to bring the chromebook into the "Chrome OS is missing or damaged" screen.
5. Press [Ctrl]+[d].
6. The chromebook will then boot into developer mode and will not be forcibly re-enrolled. Also, the chromebook will not be re-enrolled on future restarts.
Total Time taken: 7 minutes 3 seconds

--Dwagon

 
Bypass*
Components: OS>Installer Enterprise

Comment 3 by wfh@chromium.org, Sep 12 2016

Components: -OS>Installer OS>Firmware>EC
Labels: OSFirmwareEC Security_Impact-Stable Security_Severity-Low OS-Chrome Pri-2
Owner: rspangler@chromium.org
Status: Assigned (was: Unconfirmed)
Summary: Security: Forced Enrollment Bypass on Chromebook (was: Security: Forced Enrollment Bybass on Chromebook)
rspangler can you help triage this bug? Thanks.
Blockedon: 436305
This is expected behavior, given that we haven't rolled the kernel version between R36 and R53.  So it's possible to roll back to an old version using an old recovery image.

As soon as we roll the kernel versions, this approach will not work.
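
The rollback behaviour described in the comment above, as an added example that is not part of the original thread and is not Chrome OS firmware code: a simplified C model in which the device compares only a signed kernel version against a stored minimum, never the OS milestone. All struct names, function names and version numbers are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified anti-rollback model; every name here is hypothetical. */
struct image {
    int milestone;            /* OS release, e.g. 36 or 53: never compared */
    uint32_t kernel_version;  /* signed rollback version carried by the image */
};

struct secure_store {
    uint32_t min_kernel_version;  /* lowest version the device will accept */
};

/* Returns 1 if the image may boot, 0 if it is rejected as a rollback. */
int rollback_check(const struct secure_store *s, const struct image *img)
{
    return img->kernel_version >= s->min_kernel_version;
}

/* After a good boot, raise the stored floor; it never decreases. */
void commit_boot(struct secure_store *s, const struct image *img)
{
    if (img->kernel_version > s->min_kernel_version)
        s->min_kernel_version = img->kernel_version;
}

/* Boot `current`, then offer `recovery`; returns 1 if recovery is accepted. */
int recovery_accepted_after(struct image current, struct image recovery)
{
    struct secure_store s = { 0 };
    if (!rollback_check(&s, &current))
        return 0;
    commit_boot(&s, &current);
    return rollback_check(&s, &recovery);
}

int main(void)
{
    /* Constructed values: the version numbers are illustrative only. */
    struct image r36 = { 36, 1 };
    struct image r53_same = { 53, 1 };   /* version not rolled since R36 */
    struct image r53_rolled = { 53, 2 }; /* version rolled in the newer release */

    printf("R36 media after R53 (not rolled): %s\n",
           recovery_accepted_after(r53_same, r36) ? "accepted" : "rejected");
    printf("R36 media after R53 (rolled):     %s\n",
           recovery_accepted_after(r53_rolled, r36) ? "accepted" : "rejected");
    return 0;
}
```
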

Cc: tnagel@chromium.org

Comment 6 by tnagel@chromium.org, Sep 13 2016

Cc: cyrusm@chromium.org mdrasner@chromium.org

Comment 7 by cyrusm@chromium.org, Sep 14 2016

Labels: -Pri-2 Pri-0
Raising priority since escaping enrollment issues are always P0.
Cc: krishna...@chromium.org dchan@chromium.org scunning...@chromium.org

Comment 9 by wfh@chromium.org, Sep 19 2016

Cc: kerrnel@chromium.org
Issue 648245 has been merged into this issue.
Cc: mnissler@chromium.org
What Randall said on c#4. There's movement on issue 436305.

Comment 11 by sheriffbot@chromium.org, Sep 24 2016

Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable?

If a fix is in active development, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mergedinto: 436305
Status: Duplicate (was: Assigned)

Comment 13 by sheriffbot@chromium.org, Jan 11 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
