I've filed bug number 1092274 (https://bugzilla.redhat.com/show_bug.cgi?id=1092274) about a week ago, and so far there's been no response.

I have a lab full of fedora desktops and I have disabled the standard login method so the users have to type their username (so that other usernames are not exposed).

The problem is that GDM is asking for the username twice.

So what happens is that the user types their username, and the their password (which is what you would expect next in a normal log in process) but their password is typed in plain text on the screen for all to see.

This has to be a serious security issue (if not just bloody annoying to the user). Obviously I'm asking if someone could look at this and address it.