Password security issues in GDM
poma
pomidorabelisima at gmail.com
Wed May 7 04:59:19 UTC 2014
On 07.05.2014 02:43, Rodd Clarkson wrote:
> I've filed bug number 1092274 (
> https://bugzilla.redhat.com/show_bug.cgi?id=1092274) about a week ago, and
> so far there's been no response.
>
> I have a lab full of fedora desktops and I have disabled the standard login
> method so the users have to type their username (so that other usernames
> are not exposed).
>
> The problem is that GDM is asking for the username twice.
>
> So what happens is that the user types their username, and the their
> password (which is what you would expect next in a normal log in process)
> but their password is typed in plain text on the screen for all to see.
>
> This has to be a serious security issue (if not just bloody annoying to the
> user). Obviously I'm asking if someone could look at this and address it.
>
>
> Rodd
$ rpm -q gdm
gdm-3.10.0.1-1.fc20.x86_64
I just checked, and I have not found what you're describing!
By the way this is related to the stable version, and somewhere over the rainbow is a proper place for it.
poma
More information about the test
mailing list