Bug 50681 - gdm logs my password
gdm logs my password
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: gdm (Show other bugs)
1.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Havoc Pennington
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-01 21:13 EDT by Jonathan Kamens
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-02 11:31:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jonathan Kamens 2001-08-01 21:13:11 EDT
I accidentally typed my password in the username field of a gdm login
screen -- I thought the screen was locked rather than logged out, and I
typed the password before the monitor had a change to wake up.

Imagine my surprise when my password was logged in cleartext in
/var/log/messages!  "gdm[1384]: Couldn't authenticate XXXX"

It is a cardinal rule of designing login interfaces that you never log
information typed by the user, for just this reason.
Comment 1 Havoc Pennington 2001-08-02 11:31:09 EDT
Someone just reported this same bug for another reason, you can enter "%s%s%s"
as your password and get some uninitialized memory reads. Looks like it's "turn
off gdm logging crack" day.
Comment 2 Havoc Pennington 2001-08-02 12:44:39 EDT
gdm-2.2.3.1-11 should resolve this.

Note You need to log in before you can comment on or make changes to this bug.