Password security issues in GDM
Samuel Sieb
samuel at sieb.net
Wed May 7 06:33:53 UTC 2014
On 05/06/2014 05:43 PM, Rodd Clarkson wrote:
> I've filed bug number 1092274
> (https://bugzilla.redhat.com/show_bug.cgi?id=1092274) about a week ago,
> and so far there's been no response.
>
> I have a lab full of fedora desktops and I have disabled the standard
> login method so the users have to type their username (so that other
> usernames are not exposed).
>
> The problem is that GDM is asking for the username twice.
>
> So what happens is that the user types their username, and the their
> password (which is what you would expect next in a normal log in
> process) but their password is typed in plain text on the screen for all
> to see.
>
Known issue. There's a Fedora bug and an upstream Gnome bug filed for
it. I don't have the numbers off-hand.
And as someone else mentioned, this is the wrong list...
More information about the test
mailing list