Bugtraq mailing list archives
Re: visible passwd bug in kdm ?
From: ankh () CANUCK GEN NZ (J. Sean Connell)
Date: Mon, 15 Dec 1997 13:59:40 +1300
On Wed, 10 Dec 1997, Sascha Runschke wrote:
it seems that there is a bug in the login procedure of the kdm environment. If you type your passwd when prompted for it and afterwards try to mark the invisible passwd with the mouse, it suddenly becomes visible. I don't think it's that dangerous, but there might be a situation where you cannot end your login-sequence and someone else is able to access your station. I did not check the code yet, because I do not use kdm. But maybe I'll have a look later.
I don't know about this exact problem, but there is a generic problem with Qt in this regard: A text entry field that has been set to "password" mode still permits selection (and therefore copying) of the plaintext contents.

I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it myself while working on a nice GUI s/key calculator (email me if you're interested). I can't remember what he said about why it was that way, but after I pointed out that while under Windows inadvertent selection does not cause copy, it *does* under X - which makes accidentally pasting your password into the wrong window (or even having someone snoop it out of your server - yeah, this is rather unrealistic ;) trivially easy. He concurred and mumbled something about it being fixed in 1.4 or so.

Please note that I have no connection with Troll Tech other than being a personal friend of Arnt's, and that anything in the preceding paragraph could be wrong.

Arnt, further comment from the proverbial horse's mouth? (And please don't shoot me ;)

--
J. S. Connell         | Systems Administrator, ICONZ. Any opinions stated above
ankh () canuck gen nz | are not my employers', not my boyfriends', my God's, my
ankh () iconz co nz   | friends', and probably not even my own.
-------------------+---------------------------------------------------------
PGP key at http://www.canuck.gen.nz/~ankh/pgpkey.html