https://bugs.kde.org/show_bug.cgi?id=514391
Bug ID: 514391
Summary: plasmalogin leaks typed password to TTY1
Classification: Plasma
Product: plasma-login-manager
Version First unspecified
Reported In:
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Target Milestone: ---
SUMMARY
`plasmalogin` blatantly leaks the typed password to TTY1.
STEPS TO REPRODUCE
1. Enable plasmalogin
2. Reboot and log in
3. Switch to tty1
OBSERVED RESULT
Terminal login is running on tty1, and my password that I typed in the
plasmalogin greeter is openly visible on tty1 as if typed on the username
prompt, as shown (pixelated) on the attached screenshot.
EXPECTED RESULT
No password leakage.
SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 6.5.4
KDE Frameworks Version: 6.21.0
Qt Version: 6.11.0
Kernel Version: 6.18.4-arch1-1 (64-bit)
Graphics Platform: Wayland
Processors: 12 × Intel® Core™ i7-8700 CPU @ 3.20GHz
Memory: 32 GiB of RAM (31.3 GiB usable)
Graphics Processor: NVIDIA GeForce GTX 960
ADDITIONAL INFORMATION
This has been consistently reproducible for a while, and I've been retrying
monthly to see if this issue was fixed, understanding that plasmalogin was
still in beta. Now that it is about to land in Plasma 6.6, it's probably the
right time to raise alarm about this.
--
You are receiving this mail because:
You are watching all bug changes.
