Red Hat Bugzilla – Bug 984320
lightdm-gtk makes passwords visible
Last modified: 2013-08-14 09:53:32 EDT
Description of problem:
Typing a password into a greeter after an update to lightdm-gtk-1.6.0-1.fc20.x86_64 makes this password visible for anybody around who would like to read it. Hardly desirable and/or wise.
Version-Release number of selected component (if applicable):
Nothing chaning on a screen when typing a password. Ever "masking" typed characters with bullets discloses an information about a password length.
I am using lightdm-gtk 1.6.0-1.fc19 (note f19 vs. f20) and cannot confirm your problem. The password is correctly masked with bullets. Even if you don't like it, this is common behavior in all graphical applications across all OSes and I think it makes sense as users need a form of feedback.
just to make sure I understand you correctly: Are you seeing the plain text password in the greeter?
(In reply to Christoph Wickert from comment #1)
> just to make sure I understand you correctly: Are you seeing the plain text
> password in the greeter?
Yes, that is exactly what I am seeing. To my great surprise, I should add. On a request I may attach a picture. BTW - a correct password is accepted and I am logged in.
A side remark about masking with bullets only meant that using such thing discloses a private information too. It is definitely better than a plain text but a wrong thing to do as well. Such bad behaviour is far from universal.
To be clear, bullet passwords are not a bug, it's by design. Let's stay focused on the bug as described here, clear-test passwords.
It's a gtk3 issue, see bug #994237
*** This bug has been marked as a duplicate of bug 994237 ***