[Bug 1698604] [NEW] login will show unmasked password if user types too fast on a slow system
Alexandre-Xavier Labonté-Lamoureux
alexandrexavier at live.ca
Sun Jun 18 03:21:43 UTC 2017
Public bug reported:

At the login, from the terminal, the user must log in using his username
and password.

The program first displays "<host> login:", then the user enters his
username. Once the user has pressed "enter", he must enter his password.
The user may type too quickly before "Password:" appears and thus what
he types before "Password:" was displayed will appear on the screen.

This occurs when the computer is slow when verifying the login username.
Users who are used to fast computers will start typing their password
right after pressing "enter" and the characters will appear on the
screen.

The result would be something like this:
============================================
Ubuntu 16.04.2 LTS computername tty2
computername login: myusername
mypPassword:
============================================

People who may look at my screen will see that my password starts with
"myp". The other characters typed after "Password:" was displayed are
invisible.

The solution would be to make every character that is typed after the
user has entered his password invisible. It could also be a good idea to
give the user a sound cue (a PC speaker beep) when he enters a character
in the case where he starts typing his password too fast.

** Affects: shadow (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1698604
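
The window described in this report can be reproduced on a pseudo-terminal. The following is an added example, not part of the original report and not code from the shadow package: it shows early keystrokes being echoed while the terminal is in its default state, and staying invisible but still delivered once echo is switched off before the slow step. The function names are hypothetical, the keystrokes are constructed, and a Linux-style pty stands in for the console.

```python
import os
import pty
import select
import termios


def echo_off(tty_fd):
    """Disable echo on tty_fd and return the previous settings for restore.

    TCSANOW leaves any type-ahead in the input queue instead of discarding it.
    """
    saved = termios.tcgetattr(tty_fd)
    new = termios.tcgetattr(tty_fd)
    new[3] &= ~termios.ECHO  # index 3 is c_lflag
    termios.tcsetattr(tty_fd, termios.TCSANOW, new)
    return saved


def echoed_back(master_fd, keys, timeout=0.2):
    """Send constructed keystrokes into the pty; return what the tty echoes."""
    os.write(master_fd, keys)
    out = b""
    while select.select([master_fd], [], [], timeout)[0]:
        out += os.read(master_fd, 64)
    return out


def simulate_login_gap():
    """Return (echo before echo_off, echo after it, line the program reads)."""
    master, slave = pty.openpty()
    try:
        before = echoed_back(master, b"myp")    # default state: echo is on
        saved = echo_off(slave)                 # done before any slow lookup
        after = echoed_back(master, b"ass\n")   # typed during the slow step
        typed = os.read(slave, 64)              # type-ahead is still delivered
        termios.tcsetattr(slave, termios.TCSANOW, saved)
        return before, after, typed
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    print(simulate_login_gap())
```

The first element of the result is what an onlooker could see; the last is the complete line the reading program receives, so silencing echo early does not cost the user any keystrokes.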