Bug 984320 - lightdm-gtk makes passwords visible
lightdm-gtk makes passwords visible
Status: CLOSED DUPLICATE of bug 994237
Product: Fedora
Classification: Fedora
Component: lightdm-gtk (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Rex Dieter
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-07-14 17:50 EDT by Michal Jaegermann
Modified: 2013-08-14 09:53 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-14 09:53:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Jaegermann 2013-07-14 17:50:42 EDT
Description of problem:

Typing a password into a greeter after an update to lightdm-gtk-1.6.0-1.fc20.x86_64 makes this password visible for anybody around who would like to read it.  Hardly desirable and/or wise.

Version-Release number of selected component (if applicable):

How reproducible:

Expected results:
Nothing chaning on a screen when typing a password.  Ever "masking" typed characters with bullets discloses an information about a password length.
Comment 1 Christoph Wickert 2013-07-14 19:48:11 EDT
I am using lightdm-gtk 1.6.0-1.fc19 (note f19 vs. f20) and cannot confirm your problem. The password is correctly masked with bullets. Even if you don't like it, this is common behavior in all graphical applications across all OSes and I think it makes sense as users need a form of feedback.

just to make sure I understand you correctly: Are you seeing the plain text password in the greeter?
Comment 2 Michal Jaegermann 2013-07-14 22:40:03 EDT
(In reply to Christoph Wickert from comment #1)

> just to make sure I understand you correctly: Are you seeing the plain text
> password in the greeter?

Yes, that is exactly what I am seeing.  To my great surprise, I should add. On a request I may attach a picture.  BTW - a correct password is accepted and I am logged in.

A side remark about masking with bullets only meant that using such thing discloses a private information too.  It is definitely better than a plain text but a wrong thing to do as well.  Such bad behaviour is far from universal.
Comment 3 Rex Dieter 2013-07-15 07:52:11 EDT
To be clear, bullet passwords are not a bug, it's by design.  Let's stay focused on the bug as described here, clear-test passwords.
Comment 4 Rex Dieter 2013-08-14 09:53:32 EDT
It's a gtk3 issue, see bug #994237

*** This bug has been marked as a duplicate of bug 994237 ***

Note You need to log in before you can comment on or make changes to this bug.