[Bug 1641259] [NEW] xfce4-terminal shows password visibly in clear between attempts and accepts (updated Nov. 17th)
Launchpad Bug Tracker
1641259 at bugs.launchpad.net
Thu Nov 17 12:36:27 UTC 2016
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Corrected copy and pasted info Nov. 17th.
If written quickly after a failed attempt xfce4-terminal shows password
visibly in actual characters and accepts the password.
Example (the word "pass" is the password):
brett at BrettPC:~$ sudo su
[sudo] password for brett:
pass
Sorry, try again.
[sudo] password for brett:
root at BrettPC:/home/brett#
To clarify I did not enter a password the second time it sad "[sudo]
password for brett:" it simply accepted the one shown visibly.
** Affects: sudo (Ubuntu)
Importance: Undecided
Assignee: Andrew Donald (senoir-cielo)
Status: New
--
xfce4-terminal shows password visibly in clear between attempts and accepts (updated Nov. 17th)
https://bugs.launchpad.net/bugs/1641259
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to sudo in Ubuntu.
More information about the foundations-bugs
mailing list