Issue metadata
Sign in to add a comment
|
Security: ChromeOS "Powerwash" Does Not Erase Wireless Passwords
Reported by
wid...@gmail.com,
Mar 21 2018
|
||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com /chromium/src/+/master/docs/security/faq.md Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS Upon completing a "Powerwash" of a Pixelbook, I found the wireless keys were still stored on the Pixelbook. This could lead an attacker to connect to a wireless network even if the user is not authorized on the network. Additionally, the warnings on the "Powerwash" insinuate all configurations are reset to factory settings. This may be "By design", but it does contradict the concept of a "factory reset" and does represent a security vulnerability. VERSION Chrome Version: 7.1.1 Operating System: Android 7.1.1 (Pixelbook) REPRODUCTION CASE 1. Connect to a secure (WEP enabled) wireless network. 2. Execute a "Powerwash" on the Pixelbook. 3. Complete the "Powerwash". 4. Upon re-initialization, select the WEP enabled wireless network. 5. The Pixelbook should connect.
,
Mar 21 2018
Thank you. Please keep me posted.
,
Mar 22 2018
Disregard. Operator error!!! (Smiling) The Pixel connected to an open wireless connection! :)
,
Mar 22 2018
Ah, thanks for letting us know!
,
Jun 28 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Mar 21 2018