*** This bug is a security vulnerability ***
Public security bug reported:
When my machine comes out of suspend, I am shown the lightdm greeter.
However, occasionally I am unable to enter my password since the
password box is not given focus. Clicking with the mouse in the password
box also doesn't help.
I've found that clicking the settings cog (top right) twice allows me to
regain control of the focus and enter my password.
Aside from the inability to enter my password in the password box, it
seems that simply typing my password (or in fact any text) results in
those keystrokes being passed to the full-screen window *behind* the
greeter. This should not be possible and is a security issue: imagine if
my full-screen console was connected to a remote shared session, or was
running an irc client, etc.).
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: lightdm 1.11.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-4.9-generic 3.16.0-rc5
Uname: Linux 3.16.0-4-generic x86_64
ApportVersion: 2.14.4-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Jul 20 09:08:47 2014
InstallationDate: Installed on 2014-04-11 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: lightdm
UpgradeStatus: Upgraded to utopic on 2014-05-08 (72 days ago)
** Affects: lightdm (Ubuntu)
Importance: High
Status: New
** Tags: amd64 apport-bug third-party-packages utopic
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1345505
Title:
lightdm leaks keystrokes to window "behind" greeter
Status in “lightdm” package in Ubuntu:
New
Bug description:
When my machine comes out of suspend, I am shown the lightdm greeter.
However, occasionally I am unable to enter my password since the
password box is not given focus. Clicking with the mouse in the
password box also doesn't help.
I've found that clicking the settings cog (top right) twice allows me
to regain control of the focus and enter my password.
Aside from the inability to enter my password in the password box, it
seems that simply typing my password (or in fact any text) results in
those keystrokes being passed to the full-screen window *behind* the
greeter. This should not be possible and is a security issue: imagine
if my full-screen console was connected to a remote shared session, or
was running an irc client, etc.).
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: lightdm 1.11.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-4.9-generic 3.16.0-rc5
Uname: Linux 3.16.0-4-generic x86_64
ApportVersion: 2.14.4-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Jul 20 09:08:47 2014
InstallationDate: Installed on 2014-04-11 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: lightdm
UpgradeStatus: Upgraded to utopic on 2014-05-08 (72 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1345505/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
