[Bug 1698604] Re: login will show unmasked password if user types too fast on a slow system

Springnuts 1698604 at bugs.launchpad.net
Thu Jul 9 22:46:01 UTC 2020 

Just had this when updating Ubuntu via the terminal - first three
characters of sudo password displayed on terminal (where the green blob
is on the photo).


** Attachment added: "terminal-bug.jpg"
   https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1698604/+attachment/5391151/+files/terminal-bug.jpg

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1698604

Title:
  login will show unmasked password if user types too fast on a slow
  system

Status in shadow package in Ubuntu:
  Confirmed

Bug description:
  At the login, from the terminal, the user must login using his
  username and password.

  The program first displays "<host> login:", then the user enters his
  username. Once the user has pressed "enter", he must enter his
  password. The user may type too quickly before "Password:" appears and
  thus what he types before "Password:" was displayed will appear on the
  screen.

  This occurs when the computer is slow when verifying the login
  username. Users that are used to fast computer will start typing right
  their password right after pressing "enter" and the characters will
  appear on the screen.

  The result would be something like this:
  ============================================
  Ubuntu 16.04.2 LTS computername tty2

  computername login: myusername

  mypPassword:

  ============================================

  People who may look at my screen will see that my password starts with
  "myp". The other characters typed after that "Password:" was displayed
  are invisible.

  The solution would be to make every characters that are typed after
  the user has entered his password invisible. It could also be a good
  idea to give the user a sound cue (a PC speaker beep) when he enters a
  character in the case where he starts typing his password too fast.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1698604/+subscriptions

More information about the foundations-bugs mailing list