password echo in plaintext at login screen
Posted: Sat Apr 28, 2012 6:32 am
Dear All,
Linux Mint 12 (lisa) LXDE. Fresh install, all ok. Boot up, login screen shows.
Now there is a strange behavior of the password box, reproduce as follows:
1) at the login name box, put one single space character (no login name), then press enter.
2) Now, in the password box, any text you type is given an echo in plaintext, instead of the usual black dots.
3) After pressing enter again, *a second* password box appears, but now text is given an echo in the usual black dots.
4) Even if a correct username (plus at least one space char) was used in step 1, AND the password was correct, I am not logged in, but asked for my username again.
I found that ANY username that contains a space character will trigger this password plaintext echo bug. Moreover, even when i just accidentally put a space character behind my correct username, the password that I type (shown in plaintext) does not log me into the system. Instead, I am just asked for my username again.
This is potentially dangerous, if I am loggin in while someone else is looking along. I accidentally press space bar while typing my login name (the ol' jittery thumb), and then in a reflex, type my password, which is now shown in plaintext to anyone looking over my shoulder.
Can anyone else please check if they can reproduce this simple, but serious little bug?
I am a (kind of) programmer, and since this is open source, I would *love* to try to fix this myself. No, really!
But I have no idea where to start, or even where to get the source code of this login screen.
Many thanks for any kind of help,
Cheers,
Van Vreeborg
Linux Mint 12 (lisa) LXDE. Fresh install, all ok. Boot up, login screen shows.
Now there is a strange behavior of the password box, reproduce as follows:
1) at the login name box, put one single space character (no login name), then press enter.
2) Now, in the password box, any text you type is given an echo in plaintext, instead of the usual black dots.
3) After pressing enter again, *a second* password box appears, but now text is given an echo in the usual black dots.
4) Even if a correct username (plus at least one space char) was used in step 1, AND the password was correct, I am not logged in, but asked for my username again.
I found that ANY username that contains a space character will trigger this password plaintext echo bug. Moreover, even when i just accidentally put a space character behind my correct username, the password that I type (shown in plaintext) does not log me into the system. Instead, I am just asked for my username again.
This is potentially dangerous, if I am loggin in while someone else is looking along. I accidentally press space bar while typing my login name (the ol' jittery thumb), and then in a reflex, type my password, which is now shown in plaintext to anyone looking over my shoulder.
Can anyone else please check if they can reproduce this simple, but serious little bug?
I am a (kind of) programmer, and since this is open source, I would *love* to try to fix this myself. No, really!
But I have no idea where to start, or even where to get the source code of this login screen.
Many thanks for any kind of help,
Cheers,
Van Vreeborg