Debug logging on secure screens

Moderate
feerrenrut published GHSA-354r-wr4v-cx28 Mar 22, 2022

Software

nvda

Affected versions

<2021.3.4

Patched versions

2021.3.4

Description

Summary

With the --debug-logging NVDA command line option, it is possible to enable debug logging in secure mode.
From a secure screen, it is possible to activate debug logging by restarting NVDA and selecting "Restart with debug logging" in the Exit Dialog.
This creates an instance of NVDA performing debug logging from the system profile, from a secure context.
This allows a user with administrator privileges to read a secure debug log, such as one recorded while a different user was using the sign-in screen.

Pull request(s)

#13488

Limitations

To be able to read the log, a user must have administrator privileges.

Technical details

Proof of concept

Run nvda with -s and --debug-logging.
Confirm that a new nvda.log is created. This can be found:
- in source/nvda.log when running from source
- in %TEMP%/nvda.log when running as installed

Workarounds

None known

Timeline

This was reported in late February, after the 2021.3.3 release.
A patch was created to be added to a 2021.3.4 patch release in March.

Indicators of compromise

An nvda.log file can be found in the system profile %TEMP% directory: %systemdrive%\Windows\Temp
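
A triage check built from the affected-version range and the indicator above, as an added example that is not part of the advisory or of NVDA's own code. The function names are hypothetical, and the installed version string is assumed to be supplied by the caller.

```python
import os
import re
from datetime import datetime, timezone
from pathlib import Path

PATCHED = (2021, 3, 4)  # first patched release named in the advisory


def parse_version(text):
    """'2021.3.3' -> (2021, 3, 3); a suffix such as 'beta1' is ignored."""
    m = re.match(r"\s*(\d{4})\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised NVDA version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """True when the version is in the affected range (<2021.3.4)."""
    return parse_version(version_text) < PATCHED


def system_temp():
    """%systemdrive%\\Windows\\Temp, the system profile %TEMP% directory."""
    return Path(os.environ.get("SystemDrive", "C:") + "\\") / "Windows" / "Temp"


def triage(version_text, temp_dir=None):
    """Report version exposure and whether the nvda.log indicator exists."""
    log = (Path(temp_dir) if temp_dir else system_temp()) / "nvda.log"
    result = {"affected_version": is_affected(version_text),
              "log_path": str(log), "log_present": False,
              "log_bytes": 0, "log_modified_utc": None}
    try:
        st = log.stat()
    except FileNotFoundError:
        return result
    except PermissionError:
        # Not elevated: the advisory notes administrator rights are needed.
        result["log_present"] = None  # unknown, rerun as administrator
        return result
    result.update(log_present=True, log_bytes=st.st_size,
                  log_modified_utc=datetime.fromtimestamp(
                      st.st_mtime, timezone.utc).isoformat())
    return result


if __name__ == "__main__":
    # "2021.3.3" is a constructed sample; pass the installed version instead.
    print(triage("2021.3.3"))
```
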

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVSS v3 base metrics

Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVE ID

No known CVE

Weaknesses

No CWEs

Credits