udisks Missing Authorization Vulnerability Allows Unauthorized Backup of LUKS Encryption Headers

Vulnerability

A vulnerability exists in the udisks storage management daemon that allows unprivileged local users to back up LUKS encryption headers without authorization. The issue arises because a privileged D-Bus method intended for exporting encryption metadata lacks a proper policy check. Consequently, sensitive cryptographic metadata can be read and written to a location controlled by the attacker, undermining the confidentiality of encrypted storage volumes.

Impact

Exploitation of this vulnerability leads to the unauthorized disclosure of LUKS encryption metadata, which could facilitate offline password-cracking or cryptographic analysis attacks.

Reproduction

The vulnerability can be reproduced by an unprivileged local user who invokes the 'org.freedesktop.UDisks2.Encrypted.HeaderBackup' D-Bus method. The udisks daemon then exports the LUKS header and keyslot metadata to a file path chosen by the caller, without requiring authentication or user interaction.
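Because the method is reachable over the system bus, one practical detection is to watch the bus for calls to that member and record who asked for which device and where the header was to be written. The script below is an added example written for this page; it is not code from the advisory or from the udisks project. It parses the text that `dbus-monitor --system` prints for method calls (the line layout reproduced in the regular expression is an assumption about that tool's output, and the sample capture is constructed, not taken from a real system); it also assumes that HeaderBackup's first argument is the requested backup file path, which is labelled as an assumption in the code.

```python
"""Flag calls to the udisks Encrypted.HeaderBackup D-Bus method in dbus-monitor output.

Added detection example, not part of the advisory or of udisks itself.
Usage: dbus-monitor --system | python3 headerbackup_watch.py
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional

TARGET_INTERFACE = "org.freedesktop.UDisks2.Encrypted"
TARGET_MEMBER = "HeaderBackup"

# Header line that dbus-monitor prints for every method call (layout assumed), e.g.
# method call time=... sender=:1.87 -> destination=org.freedesktop.UDisks2 serial=12 \
#   path=/org/freedesktop/UDisks2/block_devices/sda3; interface=...; member=...
METHOD_CALL_RE = re.compile(
    r"^method call time=(?P<time>\S+) sender=(?P<sender>\S+) -> "
    r"destination=(?P<dest>\S+) serial=(?P<serial>\d+) "
    r"path=(?P<path>[^;]+); interface=(?P<iface>[^;]+); member=(?P<member>\S+)$"
)
# Indented string argument printed on the line after the call header.
# Assumption: HeaderBackup's first argument is the backup file path.
STRING_ARG_RE = re.compile(r'^\s+string "(?P<value>.*)"$')

# Constructed sample capture (not from a real system): one HeaderBackup call,
# one unrelated Unlock call, a method return and a signal.
SAMPLE_MONITOR_OUTPUT = """\
method call time=1771926000.123456 sender=:1.87 -> destination=org.freedesktop.UDisks2 serial=12 path=/org/freedesktop/UDisks2/block_devices/sda3; interface=org.freedesktop.UDisks2.Encrypted; member=HeaderBackup
   string "/tmp/header.img"
   array [
   ]
method return time=1771926000.200000 sender=:1.5 -> destination=:1.87 serial=40 reply_serial=12
method call time=1771926001.000001 sender=:1.91 -> destination=org.freedesktop.UDisks2 serial=13 path=/org/freedesktop/UDisks2/block_devices/sda3; interface=org.freedesktop.UDisks2.Encrypted; member=Unlock
   string ""
   array [
   ]
signal time=1771926001.100000 sender=:1.5 -> destination=(null destination) serial=41 path=/org/freedesktop/UDisks2; interface=org.freedesktop.DBus.ObjectManager; member=InterfacesAdded
"""


@dataclass
class HeaderBackupCall:
    time: str
    sender: str          # unique bus name of the caller (map to a PID via the bus daemon)
    path: str            # udisks object path of the encrypted block device
    backup_file: Optional[str]  # destination path requested by the caller, if parsed


def find_header_backup_calls(lines: Iterable[str]) -> List[HeaderBackupCall]:
    """Return one record per HeaderBackup call found in dbus-monitor output."""
    calls: List[HeaderBackupCall] = []
    pending: Optional[HeaderBackupCall] = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = METHOD_CALL_RE.match(line)
        if m:
            pending = None
            if m["iface"] == TARGET_INTERFACE and m["member"] == TARGET_MEMBER:
                pending = HeaderBackupCall(m["time"], m["sender"], m["path"], None)
                calls.append(pending)
            continue
        if pending is not None:
            # Only the line directly after the header is inspected for the path argument.
            a = STRING_ARG_RE.match(line)
            pending.backup_file = a["value"] if a else None
            pending = None
    return calls


def format_alert(call: HeaderBackupCall) -> str:
    """One-line alert suitable for a log or SIEM forwarder."""
    return (f"ALERT HeaderBackup time={call.time} sender={call.sender} "
            f"device={call.path} backup_file={call.backup_file or '?'}")


if __name__ == "__main__":
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_MONITOR_OUTPUT.splitlines()
    for c in find_header_backup_calls(source):
        print(format_alert(c))
```

The sender field is a unique bus name rather than a user; in a real deployment you would resolve it to a PID and UID through the bus daemon's `GetConnectionUnixProcessID`/`GetConnectionUnixUser` methods and alert on callers that are not root.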

Added: Feb 25, 2026, 11:22 AM
Updated: Feb 25, 2026, 11:22 AM

Vulnerability Rating

Custom Algorithm

  spread          7.8
  impact          0.8
  exploitability  3.2
  remediation     0.0
  relevance       3.5
  threat          1.6
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.