This issue was reported to the Security Response Team by a customer. When you turn on the shift-lock and type in the wrong password, the text input dialog doesn't modify itself. While it's asking you for a password, and will display the letter you are typing, it's really the username entry you are typing in (this is still bad since it says password). If you type in a username, hit enter (the dialog still asks for the password), then type in the password for the username in question, it will log you in. I have reproduced this issue on RHEL3, but not reliably. Any additional input would be great. I'm not sure if this affects other versions we ship. I could not reproduce this on anything other than RHEL3.
Is this with the graphical greeter or the standard greeter?
It's the graphical greeter. I had not changed any of the defaults when I managed to reproduce this.
Hi Josh, I'm having trouble reproducing this. To clarify, when you perform the following steps, it sometimes demonstrates the abnormal behavior? 1. type in username and hit enter 2. hit caps-lock key 3. type in password and hit enter.
Josh, have you had a chance to look into this more?
I've not been able to reproduce this other than a few times on the day I filed this bug (not reliably though). I wish I had more or better information. If you're not able to reproduce this, I think closing it as WORKSFORME is appropriate.
Your wish is my command.