First Last Prev Next    This bug is not in your last search results.
Bug 50681 - gdm logs my password
gdm logs my password
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: gdm (Show other bugs)
1.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Havoc Pennington
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-01 21:13 EDT by Jonathan Kamens
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-02 11:31:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jonathan Kamens 2001-08-01 21:13:11 EDT 
I accidentally typed my password in the username field of a gdm login
screen -- I thought the screen was locked rather than logged out, and I
typed the password before the monitor had a change to wake up.

Imagine my surprise when my password was logged in cleartext in
/var/log/messages!  "gdm[1384]: Couldn't authenticate XXXX"

It is a cardinal rule of designing login interfaces that you never log
information typed by the user, for just this reason.
Comment 1 Havoc Pennington 2001-08-02 11:31:09 EDT 
Someone just reported this same bug for another reason, you can enter "%s%s%s"
as your password and get some uninitialized memory reads. Looks like it's "turn
off gdm logging crack" day.
Comment 2 Havoc Pennington 2001-08-02 12:44:39 EDT 
gdm-2.2.3.1-11 should resolve this.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.