https://bugs.kde.org/show_bug.cgi?id=449034
Bug ID: 449034
Summary: Screen lock textbox password visibility behaviour
Product: plasmashell
Version: 5.23.4
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: minor
Priority: NOR
Component: Theme - Breeze
Assignee: visual-des...@kde.org
Reporter: dbrun...@dbruneau.me
CC: plasma-b...@kde.org
Target Milestone: 1.0
SUMMARY
***
When pressing "escape" to reset the lock screen, it clears any entered password
text. However, the visibility state does not get reset. This can lead to
users getting tricked into revealing their password.
***
STEPS TO REPRODUCE
1. Lock your screen
2. Put text in the password box
3. Click on the password visibility toggle
4. Press "escape" (or wait until screen times out?)
5. Come back to type text in the password box
OBSERVED RESULT
The visibility state does not get reset at the same time as the password box
text gets reset.
EXPECTED RESULT
The visibility state gets reset to not show typed characters.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora KDE
(available in About System)
KDE Plasma Version: 5.23.4
KDE Frameworks Version: 5.89.0
Qt Version: 5.15.2
ADDITIONAL INFORMATION
I wouldn't call this a "bug". More along the lines of a possible improvement
to be made to improve security. If a workstation is left unattended, and
somebody toggles the text visibility, it's easy to type in your password
without noticing it will be showed to any prying eyes. (colleagues, etc...)
Thanks in advance,
--
You are receiving this mail because:
You are watching all bug changes.
