Red Hat Bugzilla – Bug 129055
xscreensaver exposes password in rdesktop
Last modified: 2007-11-30 17:10:46 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1 Description of problem: If I make an desktop connection to a Windows XP box fire up Word and any document, then lock the Fedora Gnome desktop, type my password into the XscreenSaver dialog window to unlock Gnome my password shows up in plain text within Word in the rdesktop connection. Here is the Windows info Stuff: Windows XP SP 1 with all patches MS Word (XP) 2002 SP3 Version-Release number of selected component (if applicable): rdesktop-1.3.1-3 xscreensaver-4.14-5 How reproducible: Always Steps to Reproduce: 1. make rdesktop connection to Win XP box 2. open Word XP/2003 and an empty doc, hit enter a few times 3. lock gnome desktop 4. type passwork into xscreensaver Actual Results: user account password entered in xcreensaver (and any other junk text for that matter) is exposed onto the Work doc. Expected Results: nothing Additional info: I cannot reproduce this with a gnome app like gedit nore can I do this with MS Notepad or MS Workpad in the rdesktop session, only Word.
This is a bug in rdesktop -- see bug 104713 But for what it's worth, as of xscreensaver 4.18, if it can't grab both the keyboard and mouse, xscreensaver does not blank the screen. This means that if you are running rdesktop or some other antisocially-long-keyboard-grabbing program, xscreensaver will never lock your screen until that grab is released. This is still bad, obviously, but perhaps it will confuse people less, and -- perhaps -- failing to lock at all is less bad than accidentally typing passwords at the wrong window, or being unable to unlock.
*** This bug has been marked as a duplicate of 104713 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.