Security Vulnerability Report
CVE-2025-64170 (CVSS 3.8, LOW)

Published: 2025-11-12 21:15:53
Last Modified: 2026-04-15 00:35:42

Description

sudo-rs is a memory-safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered are echoed back to the console. This could reveal partial password information: on screen, where it is usable for social engineering or pass-by attacks, and possibly in history files if the leftover input is not handled carefully by the user. Version 0.2.10 fixes the issue.

CVSS Details

CVSS Score: 3.8
Severity: LOW
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
(Attack Vector: Physical; Attack Complexity: High; Privileges Required: High; User Interaction: Required; Scope: Unchanged; Confidentiality: High; Integrity: None; Availability: None; exploitability subscore 0.1, impact subscore 3.6)
Weakness: CWE-549 (Missing Password Field Masking)

Configurations (Affected Products)

No CPE configuration data is available for this record. The affected range stated in the advisory text is:

sudo-rs >= 0.2.7 and < 0.2.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-64170 PoC - sudo-rs Password Timeout Echo Vulnerability
# This PoC demonstrates the password echo behavior when timeout occurs.
# It only prints the scenario and verification steps; it does not drive sudo-rs,
# so no subprocess/time/sys imports are needed.


def trigger_password_timeout():
    """
    Simulate the scenario where password input times out and gets echoed.
    Note: This is a conceptual PoC. Actual exploitation requires local access.
    """
    print("[+] CVE-2025-64170 PoC - sudo-rs Password Timeout Echo")
    print("[*] Affected versions: sudo-rs 0.2.7 to 0.2.9")
    print("[*] This PoC demonstrates the vulnerability concept\n")

    # The vulnerability occurs when:
    # 1. User runs sudo command
    # 2. User types password but doesn't press Enter
    # 3. Password timeout occurs (typically after 5 minutes)
    # 4. The typed characters are echoed back to the terminal
    scenario = """
Attack Scenario:
1. Attacker observes target user at terminal
2. Target executes: sudo <command>
3. Target starts typing password but delays pressing Enter
4. Password timeout triggers after configured time (default: 5 minutes)
5. sudo-rs echoes the typed password characters to stdout
6. Attacker observes partial/full password on screen

Example terminal output:
    [sudo] password for user: mypa
    # After timeout, if timeout is not properly handled:
    [sudo] password for user: mypa   # Password echoed without masking
"""
    print(scenario)

    # Technical details for verification
    verification = """
To verify the vulnerability:
1. Build sudo-rs version 0.2.7-0.2.9
2. Configure short password timeout for testing
3. Execute sudo command and type password
4. Wait for timeout without pressing Enter
5. Observe if password characters are echoed

Code location in sudo-rs:
- Password input handling: src/tty.rs or similar
- Timeout handling logic
- Echo mechanism after timeout
"""
    print(verification)
    return True


if __name__ == "__main__":
    trigger_password_timeout()
```
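The script above only narrates the scenario. To make the failure mode concrete from the defender's side, here is an added Python example (written for this page; it is neither sudo-rs code nor the project's actual patch). It runs a password prompt on a pseudo-terminal, "types" part of a password without pressing Enter, lets the prompt time out, and then reads the tty the way the user's shell would afterwards. The reading of the advisory it encodes is an assumption: keystrokes left in the kernel's tty input queue are delivered to the next reader (the shell's line editor), which is how they reach the screen and the history file. Emptying the queue with `tcflush(TCIFLUSH)` before handing the terminal back is the assumed mitigation. The keystrokes `mypa`, the 0.2 s timeout and all helper names are constructed for the demo; it needs a Linux-style pty.

```python
import fcntl
import os
import pty
import select
import termios

# Demo timeout in seconds. sudo's passwd_timeout is measured in minutes; it is
# shortened here so the simulation finishes quickly.
PASSWD_TIMEOUT = 0.2


def disable_echo(fd):
    """Switch local echo off on the tty and return the saved attributes."""
    saved = termios.tcgetattr(fd)
    quiet = termios.tcgetattr(fd)
    quiet[3] &= ~termios.ECHO          # index 3 of the attribute list is c_lflag
    termios.tcsetattr(fd, termios.TCSANOW, quiet)
    return saved


def restore_tty(fd, saved):
    """Hand the terminal back in the state the prompt found it."""
    termios.tcsetattr(fd, termios.TCSANOW, saved)


def wait_for_password(fd, timeout, flush_on_timeout):
    """Wait up to `timeout` seconds for a complete line. The tty stays in
    canonical mode, so select() only reports readability once Enter is hit.

    Returns the password, or None on timeout. With flush_on_timeout=False the
    partially typed line stays in the kernel's input queue when we give up,
    which is the failure mode described in the advisory (assumed mechanism);
    with True the queue is emptied before the tty is handed back (assumed fix)."""
    readable, _, _ = select.select([fd], [], [], timeout)
    if not readable:
        if flush_on_timeout:
            termios.tcflush(fd, termios.TCIFLUSH)
        return None
    return os.read(fd, 256).rstrip(b"\r\n").decode()


def drain_like_a_shell(fd):
    """Stand-in for the user's shell: a line editor reads the tty in
    non-canonical mode, so any bytes left in the queue are delivered to it
    (and would normally be echoed on screen and end up in the history)."""
    attrs = termios.tcgetattr(fd)
    attrs[3] &= ~(termios.ICANON | termios.ECHO)
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
    fcntl.fcntl(fd, fcntl.F_SETFL, flags | os.O_NONBLOCK)
    try:
        return os.read(fd, 256)
    except BlockingIOError:
        return b""                     # queue was empty: nothing leaks
    finally:
        fcntl.fcntl(fd, fcntl.F_SETFL, flags)


def simulate(flush_on_timeout, keystrokes=b"mypa"):
    """Run one prompt on a fresh pseudo-terminal. `keystrokes` (constructed
    sample, no trailing newline) is what the user typed before walking away.
    Returns the bytes the shell would receive after the prompt gives up."""
    master, slave = pty.openpty()
    try:
        saved = disable_echo(slave)
        os.write(master, keystrokes)   # user types part of the password, no Enter
        got = wait_for_password(slave, PASSWD_TIMEOUT, flush_on_timeout)
        restore_tty(slave, saved)
        if got is not None:
            raise RuntimeError("expected the prompt to time out")
        return drain_like_a_shell(slave)
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    print("without flush, shell receives:", simulate(False))   # b'mypa'
    print("with flush,    shell receives:", simulate(True))    # b''
```

Run as a script, the first line shows the partial password handed to the simulated shell, the second shows nothing delivered. The same split is what a fixed prompt should exhibit: whatever is buffered at the moment the prompt abandons the terminal must be discarded before any other reader, including the user's own shell, gets the tty back.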

References

https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64170", "sourceIdentifier": "[email protected]", "published": "2025-11-12T21:15:53.433", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered are echoed back to the console. This could reveal partial password information, possibly exposing history files when not carefully handled by the user and on screen, usable for Social Engineering or Pass-By attacks. Version 0.2.10 fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "baseScore": 3.8, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-549"}]}], "references": [{"url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10", "source": "[email protected]"}, {"url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw", "source": "[email protected]"}]}}