Bug 118679

Summary: bluecurve login screen displays last login before password is controlled
Product: [Fedora] Fedora Reporter: kb <k_b0000>
Component: gdmAssignee: Havoc Pennington <hp>
Status: CLOSED DUPLICATE QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:02:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description kb 2004-03-18 20:16:15 UTC 
Description of problem: 
bluecurve login screen displays last login before password is controlled. 
 
please observe that the indicated component is selcted only because some needed to be 
selected. please move to correct. 
 
 
 
Version-Release number of selected component (if applicable): 
fedora core 2 test 1.90 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. start X (without beeing logged in) (runlevel5) 
2. at the login screen, type the username, press <ENTER> 
3. if the user exists and has been logged on, the screen will display last logon 
information even though the password is not entered. 
 
 
Actual Results:  last logon is showed prior to complete logon, 
thus allowing "hackers" to faster find valid usernames. 
 
Expected Results:  no information at all should be showed after the username is 
entered.
Comment 1 Bill Nottingham 2004-03-19 04:07:37 UTC 

*** This bug has been marked as a duplicate of 118067 ***
Comment 2 Red Hat Bugzilla 2006-02-21 19:02:03 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.