#1 2022-12-20 15:03:33

simeon
Member
Registered: 2012-03-06
Posts: 16

passwords lost

Today, from one minute to the other, my unix passwords changed. The last time I ran pacman was the morning before. After that no issues; sudo and gdm lock screen worked fine. Then VTs, sudo and gdm stopped accepting my user or root password.

from logs:

journalctl -n 10000 | grep USER_AUTH
Dez 20 13:16:05 semsnb01 audit[122846]: USER_AUTH pid=122846 uid=0 auid=1000 ses=3 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit,pam_faillock,pam_gnome_keyring acct="simeon" exe="/usr/lib/gdm-session-worker" hostname=semsnb01 addr=? terminal=/dev/tty1 res=success'
Dez 20 14:05:26 semsnb01 audit[127682]: USER_AUTH pid=127682 uid=1000 auid=1000 ses=4 msg='op=PAM:authentication grantors=? acct="simeon" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Dez 20 14:30:50 semsnb01 audit[130795]: USER_AUTH pid=130795 uid=1000 auid=1000 ses=4 msg='op=PAM:authentication grantors=? acct="simeon" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'

I started a live medium and chrooted into the system. The timestamps of /etc/shadow and /etc/passwd were OK, but sudo did not work either. I set the user password to the old password with passwd, I ran pacmatic -Syu in chroot, rebooted and chrooted again. Now sudo works.

Back in the normal system, gdm login works; but gnome-secrets states that the password changed and my old (identical) password is not correct.

What happened here? Had I been hacked?

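An added example, not part of the original post: a small parser for audit USER_AUTH journal lines in the format quoted above, reporting per account the last successful authentication and every failure after it. The sample lines, host name, account name and pids are constructed; timestamps are kept as text because the month abbreviation is locale-dependent (`Dez` above).

```python
import re
import shlex

# Constructed sample in the format of the journal lines quoted in the post;
# host, account and pid values are placeholders.
SAMPLE = """\
Dez 20 13:16:05 host audit[1001]: USER_AUTH pid=1001 uid=0 auid=1000 ses=3 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit acct="alice" exe="/usr/lib/gdm-session-worker" hostname=host addr=? terminal=/dev/tty1 res=success'
Dez 20 14:05:26 host audit[1002]: USER_AUTH pid=1002 uid=1000 auid=1000 ses=4 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Dez 20 14:30:50 host audit[1003]: USER_AUTH pid=1003 uid=1000 auid=1000 ses=4 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
"""

# Timestamp stays a string: the month abbreviation depends on the locale.
LINE = re.compile(
    r"^(?P<ts>\S+ +\d+ [\d:]+) \S+ audit\[\d+\]: USER_AUTH "
    r"(?P<hdr>.*?) msg='(?P<msg>.*)'\s*$")

def parse(line):
    """Return the key=value fields of one USER_AUTH line, or None."""
    m = LINE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"]}
    # shlex strips the quotes around acct="..." and exe="..."
    for tok in shlex.split(m["hdr"]) + shlex.split(m["msg"]):
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
    return rec

def failures_after_last_success(text):
    """Per account: last successful auth and the failures that follow it."""
    state = {}
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or "acct" not in rec:
            continue
        s = state.setdefault(rec["acct"], {"last_ok": None, "failed": []})
        if rec.get("res") == "success":
            s["last_ok"] = (rec["ts"], rec.get("exe"))
            s["failed"] = []          # a later success resets the streak
        else:
            s["failed"].append((rec["ts"], rec.get("exe"), rec.get("terminal")))
    return state

if __name__ == "__main__":
    for acct, s in failures_after_last_success(SAMPLE).items():
        print(acct, "last success:", s["last_ok"])
        for ts, exe, term in s["failed"]:
            print("  failed:", ts, exe, term)
```

The interval between `last_ok` and the first entry in `failed` is the window of journal entries to review for anything that touched the account's credentials.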

#2 2022-12-20 15:08:33

simeon
Member
Registered: 2012-03-06
Posts: 16

Re: passwords lost

Some further observations I made:

* before chroot from a live medium I tried turning it off and on again
* the FN key on the notebook seemed to be locked; rebooting did not help. Whenever I typed certain keys on the notebook it would spit out some strange control sequences. The USB keyboard worked fine though.
* I unplugged every device
* I could not find any suspicious activity in the journal between working and failed logins


#3 2022-12-20 15:23:47

simeon
Member
Registered: 2012-03-06
Posts: 16

Re: passwords lost

Ha. Nice. Turns out I require some vacation. My muscle memory reproducibly slipped in a wrong key. I even changed the password to this wrong password, rebooted and typed in the wrong password again. When I noticed, I really concentrated, tried to read back in clear text what I was typing, and unintentionally always typed in the wrong key.
