[Bug 2142460] Re: Apt update asking sudo password in asteriks can make guessing password length easy

Simon Johnsson 2142460 at bugs.launchpad.net
Tue Feb 24 08:20:25 UTC 2026 

Hey there @lotuspsychje! I understand your concerns. This is a new
default behavior of sudo-rs that intends to improve the user experience
of sudo, similar to how other password prompts allow you to see your
current input length. The decision was made based on the rationale that
if someone can physically see you inputting the password, then very
likely there are more significant security issues already.

However, should you feel that this does not improve your user
experience, you can disable the feature using `sudo visudo` to edit your
sudoers configuration file and then adding the line:

    "Defaults !pwfeedback"

I will mark this as "Won't Fix" as this is intended behavior. Although I
appreciate you taking the time to help make Ubuntu better by filing a
bug report.

Best,
Simon

** Changed in: rust-sudo-rs (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2142460

Title:
  Apt update asking sudo password in asteriks can make guessing password
  length easy

Status in apt package in Ubuntu:
  Invalid
Status in rust-sudo-rs package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu desktop 26.04 development branch @ 23/2/2026

  The new apt feature asking the sudo password in asteriks *******

  can make other users potentialy guess the password length

  wich make it easier guessing the real password

  ProblemType: Bug
  DistroRelease: Ubuntu 26.04
  Package: apt 3.1.16
  ProcVersionSignature: Ubuntu 6.19.0-6.6-generic 6.19.2
  Uname: Linux 6.19.0-6-generic x86_64
  ApportVersion: 2.33.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Feb 23 12:03:00 2026
  InstallationDate: Installed on 2025-10-21 (125 days ago)
  InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Release amd64 (20251007)
  ProcEnviron:
   LANG=nl_NL.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: apt
  UpgradeStatus: Upgraded to resolute on 2025-10-21 (125 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2142460/+subscriptions

More information about the foundations-bugs mailing list