Bug 129055 - xscreensaver exposes password in rdesktop
Summary: xscreensaver exposes password in rdesktop
Keywords:
Status: CLOSED DUPLICATE of bug 104713
Alias: None
Product: Fedora
Classification: Fedora
Component: xscreensaver
Version: 2
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-08-03 15:53 UTC by Brian Dudek
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-02-21 19:04:54 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Brian Dudek 2004-08-03 15:53:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
If I make an desktop connection to a Windows XP box fire up Word and
any document, then lock the Fedora Gnome desktop, type my password
into the XscreenSaver dialog window to unlock Gnome my password shows
up in plain text within Word in the rdesktop connection.  

Here is the Windows info Stuff:

Windows XP SP 1 with all patches
MS Word (XP) 2002 SP3 

Version-Release number of selected component (if applicable):
rdesktop-1.3.1-3   xscreensaver-4.14-5

How reproducible:
Always

Steps to Reproduce:
1. make rdesktop connection to Win XP box
2. open Word XP/2003 and an empty doc, hit enter a few times
3. lock gnome desktop
4. type passwork into xscreensaver
    

Actual Results:  user account password entered in xcreensaver (and any
other junk text for that matter) is exposed onto the Work doc.

Expected Results:  nothing

Additional info:

I cannot reproduce this with a gnome app like gedit nore can I do this
with MS Notepad or MS Workpad in the rdesktop session, only Word.

Comment 1 Jamie Zawinski 2004-08-15 08:36:56 UTC
This is a bug in rdesktop -- see bug 104713

But for what it's worth, as of xscreensaver 4.18, if it can't grab
both the keyboard and mouse, xscreensaver does not blank the screen.
This means that if you are running rdesktop or some other
antisocially-long-keyboard-grabbing program, xscreensaver will never
lock your screen until that grab is released.

This is still bad, obviously, but perhaps it will confuse people less,
and -- perhaps -- failing to lock at all is less bad than accidentally
typing passwords at the wrong window, or being unable to unlock.

Comment 2 Ray Strode [halfline] 2004-11-03 16:07:13 UTC

*** This bug has been marked as a duplicate of 104713 ***

Comment 3 Red Hat Bugzilla 2006-02-21 19:04:54 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.