Red Hat Bugzilla – Bug 129055
xscreensaver exposes password in rdesktop
Last modified: 2007-11-30 17:10:46 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Description of problem:
If I make an desktop connection to a Windows XP box fire up Word and
any document, then lock the Fedora Gnome desktop, type my password
into the XscreenSaver dialog window to unlock Gnome my password shows
up in plain text within Word in the rdesktop connection.
Here is the Windows info Stuff:
Windows XP SP 1 with all patches
MS Word (XP) 2002 SP3
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. make rdesktop connection to Win XP box
2. open Word XP/2003 and an empty doc, hit enter a few times
3. lock gnome desktop
4. type passwork into xscreensaver
Actual Results: user account password entered in xcreensaver (and any
other junk text for that matter) is exposed onto the Work doc.
Expected Results: nothing
I cannot reproduce this with a gnome app like gedit nore can I do this
with MS Notepad or MS Workpad in the rdesktop session, only Word.
This is a bug in rdesktop -- see bug 104713
But for what it's worth, as of xscreensaver 4.18, if it can't grab
both the keyboard and mouse, xscreensaver does not blank the screen.
This means that if you are running rdesktop or some other
antisocially-long-keyboard-grabbing program, xscreensaver will never
lock your screen until that grab is released.
This is still bad, obviously, but perhaps it will confuse people less,
and -- perhaps -- failing to lock at all is less bad than accidentally
typing passwords at the wrong window, or being unable to unlock.
*** This bug has been marked as a duplicate of 104713 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.