Security Issue: Unlock password goes directly to guest machine
Posted: Tue Aug 15, 2017 1:39 pm
Hi,
I have noticed an issue that is actually quiet a security risk.
I run Linux Mint 17.3, 64 bit, cinnamon. Everything up to date, and I have virtualbox 5.1.22. I have another mint 17.3 version running inside virtualbox.
Now, I noticed that If I leave the guest window active and the screen of the host locks out, the unlocking password immediatly goes into the virtualbox window (at least if I start entering the password while the screen is black, assuming that I unlock the host screen). I can also use the guest machine however I want, but as soon as I click somewhere outside the guest window, I am asked to enter the unlocking password for the host. If, for some reason, there is a key logger running inside the guest, this could then get the password of the host.
I have noticed an issue that is actually quiet a security risk.
I run Linux Mint 17.3, 64 bit, cinnamon. Everything up to date, and I have virtualbox 5.1.22. I have another mint 17.3 version running inside virtualbox.
Now, I noticed that If I leave the guest window active and the screen of the host locks out, the unlocking password immediatly goes into the virtualbox window (at least if I start entering the password while the screen is black, assuming that I unlock the host screen). I can also use the guest machine however I want, but as soon as I click somewhere outside the guest window, I am asked to enter the unlocking password for the host. If, for some reason, there is a key logger running inside the guest, this could then get the password of the host.