Debug logging on secure screens

Moderate
feerrenrut published GHSA-354r-wr4v-cx28 Mar 22, 2022

Software

nvda

Affected versions

<2021.3.4

Patched versions

2021.3.4

Description

Summary

With the --debug-logging NVDA command line option, it is possible to enable debug logging in secure mode.
From a secure screen, it is possible to activate debug logging by restarting NVDA and selecting "Restart with debug logging" in the Exit Dialog.
This creates an instance of NVDA performing debug logging from the system profile, from a secure context.
A user with administrator privileges can then read the secure debug log, for example one produced while a different user was using the sign-in screen.

Pull request(s)

#13488

Limitations

To be able to read the log, a user must have administrator privileges.

Technical details

Proof of concept

Run nvda with -s and --debug-logging.
Confirm that a new nvda.log is created. This can be found in source/nvda.log when running from source, or in %TEMP%/nvda.log when running as installed.

Workarounds

None known

Timeline

This was reported in late February, after the 2021.3.3 release.
A patch was created to be added to a 2021.3.4 patch release in March.

Indicators of compromise

An nvda.log file can be found in the system profile %TEMP% directory: %systemdrive%\Windows\Temp
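
The check below is an added example, not part of the advisory or of NVDA's code. It looks for the indicator above and compares a version string against the patched release. The function names are this example's own, and it assumes that debug entries in nvda.log start with the level prefix "DEBUG - ".

```python
import os
import re
from datetime import datetime, timezone
from pathlib import Path

PATCHED = (2021, 3, 4)  # first fixed release, per the advisory


def is_affected(version: str) -> bool:
    """True if an NVDA version string such as '2021.3.3' is below 2021.3.4."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # '2021.3' compares as 2021.3.0
    return parts < PATCHED


def system_temp_dir() -> Path:
    """The system profile %TEMP% directory named in the advisory."""
    return Path(os.environ.get("SystemDrive", "C:") + "\\") / "Windows" / "Temp"


def check_secure_log(temp_dir: Path):
    """Return details of nvda.log in temp_dir, or None if it is absent."""
    log = temp_dir / "nvda.log"
    if not log.is_file():
        return None
    # Assumption: a debug-level entry begins with the prefix "DEBUG - ".
    # Only the count is reported; log contents are never printed.
    with log.open(encoding="utf-8", errors="replace") as fh:
        debug_entries = sum(1 for line in fh if line.startswith("DEBUG - "))
    stat = log.stat()
    modified = datetime.fromtimestamp(stat.st_mtime, timezone.utc)
    return {
        "path": str(log),
        "size": stat.st_size,
        "modified_utc": modified.isoformat(),
        "debug_entries": debug_entries,
    }


if __name__ == "__main__":
    finding = check_secure_log(system_temp_dir())
    print(finding or "no nvda.log in the system profile temp directory")
```

Run it from an elevated prompt, since reading the system profile temp directory requires administrator privileges.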

For more information

If you have any questions or comments about this advisory:

Severity

Moderate 5.5 / 10

CVSS base metrics

Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVE ID

No known CVE

Weaknesses

No CWEs

Credits