Bug 129055 - xscreensaver exposes password in rdesktop
Summary: xscreensaver exposes password in rdesktop
Status: CLOSED DUPLICATE of bug 104713
Alias: None
Product: Fedora
Classification: Fedora
Component: xscreensaver   
(Show other bugs)
Version: 2
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2004-08-03 15:53 UTC by Brian Dudek
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 19:04:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Brian Dudek 2004-08-03 15:53:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
If I make an desktop connection to a Windows XP box fire up Word and
any document, then lock the Fedora Gnome desktop, type my password
into the XscreenSaver dialog window to unlock Gnome my password shows
up in plain text within Word in the rdesktop connection.  

Here is the Windows info Stuff:

Windows XP SP 1 with all patches
MS Word (XP) 2002 SP3 

Version-Release number of selected component (if applicable):
rdesktop-1.3.1-3   xscreensaver-4.14-5

How reproducible:

Steps to Reproduce:
1. make rdesktop connection to Win XP box
2. open Word XP/2003 and an empty doc, hit enter a few times
3. lock gnome desktop
4. type passwork into xscreensaver

Actual Results:  user account password entered in xcreensaver (and any
other junk text for that matter) is exposed onto the Work doc.

Expected Results:  nothing

Additional info:

I cannot reproduce this with a gnome app like gedit nore can I do this
with MS Notepad or MS Workpad in the rdesktop session, only Word.

Comment 1 Jamie Zawinski 2004-08-15 08:36:56 UTC
This is a bug in rdesktop -- see bug 104713

But for what it's worth, as of xscreensaver 4.18, if it can't grab
both the keyboard and mouse, xscreensaver does not blank the screen.
This means that if you are running rdesktop or some other
antisocially-long-keyboard-grabbing program, xscreensaver will never
lock your screen until that grab is released.

This is still bad, obviously, but perhaps it will confuse people less,
and -- perhaps -- failing to lock at all is less bad than accidentally
typing passwords at the wrong window, or being unable to unlock.

Comment 2 Ray Strode [halfline] 2004-11-03 16:07:13 UTC

*** This bug has been marked as a duplicate of 104713 ***

Comment 3 Red Hat Bugzilla 2006-02-21 19:04:54 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.