This issue was reported to the Security Response Team by a customer.
When you turn on the shift-lock and type in the wrong password, the text
input dialog doesn't modify itself. While it's asking you for a password,
and will display the letter you are typing, it's really the username entry
you are typing in (this is still bad since it says password). If you type
in a username, hit enter (the dialog still asks for the password), then
type in the password for the username in question, it will log you in.
I have reproduced this issue on RHEL3, but not reliably. Any additional input
would be great. I'm not sure if this affects other versions we ship. I could
not reproduce this on anything other than RHEL3.
Is this with the graphical greeter or the standard greeter?
It's the graphical greeter. I had not changed any of the defaults
when I managed to reproduce this.
I'm having trouble reproducing this. To clarify, when you perform the
following steps, it sometimes demonstrates the abnormal behavior?
1. type in username and hit enter
2. hit caps-lock key
3. type in password and hit enter.
Josh, have you had a chance to look into this more?
I've not been able to reproduce this other than a few times on the day I filed
this bug (not reliably though). I wish I had more or better information. If
you're not able to reproduce this, I think closing it as WORKSFORME is appropriate.
Your wish is my command.