Red Hat Bugzilla – Bug 1268649
Corner case where lightdm allows the login even if the provided password is wrong
Last modified: 2015-10-13 15:51:30 EDT
Description of problem:
I found what seems a corner case where lightdm allows the login even if the provided password is actually "wrong". This might not be a true bug, but *in my opinion* the behavior of lightdm is not what an user expects.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create an user without password.
2. Login through lightdm with that user.
3. Provide a password for the login.
ligthdm allows the user to login.
At least in my opinion, lightdm should refuse the login. The real password is blank, so if no blank password is provided, the real combination of "login name + password" is not actually matched.
Fedora 23 Final TC1 (32 bit) on qemu-kvm.
lxdm has got the same approach (See bug 1268624).
*** This bug has been marked as a duplicate of bug 1271377 ***