Security Issue: Unlock password goes directly to guest machine

Questions about virtualization software
Forum rules
Before you post please read how to get help
Arp
Level 2
Level 2
Posts: 82
Joined: Mon Mar 11, 2013 8:41 am

Security Issue: Unlock password goes directly to guest machine

Postby Arp » Tue Aug 15, 2017 1:39 pm

Hi,

I have noticed an issue that is actually quiet a security risk.

I run Linux Mint 17.3, 64 bit, cinnamon. Everything up to date, and I have virtualbox 5.1.22. I have another mint 17.3 version running inside virtualbox.

Now, I noticed that If I leave the guest window active and the screen of the host locks out, the unlocking password immediatly goes into the virtualbox window (at least if I start entering the password while the screen is black, assuming that I unlock the host screen). I can also use the guest machine however I want, but as soon as I click somewhere outside the guest window, I am asked to enter the unlocking password for the host. If, for some reason, there is a key logger running inside the guest, this could then get the password of the host.

Return to “Virtualization”

Who is online

Users browsing this forum: No registered users and 1 guest