Cleartext Passwords in Linux Memory

Upon examination, the memory of a popular Linux distribution contained many cleartext passwords, including login, SSH, Truecrypt, email, IM and root passwords. These passwords are retained by running applications and stored as plain text in memory for extended periods of time. The paper investigated the source of these passwords and presents a proof-of-concept method for recovering passwords from memory. The cold boot researchers demonstrated that memory is not as volatile as commonly expected, and that data from memory can be recovered with physical access to systems in a very short period of time. This has opened up a new class of attacks in physical IT security, and significantly raised the risk associated with cleartext passwords in memory.