login will show unmasked password if user types too fast on a slow system
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| shadow (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
At the login, from the terminal, the user must login using his username and password.
The program first displays "<host> login:", then the user enters his username. Once the user has pressed "enter", he must enter his password. The user may type too quickly before "Password:" appears and thus what he types before "Password:" was displayed will appear on the screen.
This occurs when the computer is slow when verifying the login username. Users that are used to fast computer will start typing right their password right after pressing "enter" and the characters will appear on the screen.
The result would be something like this:
=======
Ubuntu 16.04.2 LTS computername tty2
computername login: myusername
mypPassword:
=======
People who may look at my screen will see that my password starts with "myp". The other characters typed after that "Password:" was displayed are invisible.
The solution would be to make every characters that are typed after the user has entered his password invisible. It could also be a good idea to give the user a sound cue (a PC speaker beep) when he enters a character in the case where he starts typing his password too fast.
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in shadow (Ubuntu): | |
| status: | New → Confirmed |
| Springnuts (simon-springnuts-orangehome) wrote | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.