https://bugs.kde.org/show_bug.cgi?id=449034
Bug ID: 449034 Summary: Screen lock textbox password visibility behaviour Product: plasmashell Version: 5.23.4 Platform: Fedora RPMs OS: Linux Status: REPORTED Severity: minor Priority: NOR Component: Theme - Breeze Assignee: visual-des...@kde.org Reporter: dbrun...@dbruneau.me CC: plasma-b...@kde.org Target Milestone: 1.0 SUMMARY *** When pressing "escape" to reset the lock screen, it clears any entered password text. However, the visibility state does not get reset. This can lead to users getting tricked into revealing their password. *** STEPS TO REPRODUCE 1. Lock your screen 2. Put text in the password box 3. Click on the password visibility toggle 4. Press "escape" (or wait until screen times out?) 5. Come back to type text in the password box OBSERVED RESULT The visibility state does not get reset at the same time as the password box text gets reset. EXPECTED RESULT The visibility state gets reset to not show typed characters. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora KDE (available in About System) KDE Plasma Version: 5.23.4 KDE Frameworks Version: 5.89.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION I wouldn't call this a "bug". More along the lines of a possible improvement to be made to improve security. If a workstation is left unattended, and somebody toggles the text visibility, it's easy to type in your password without noticing it will be showed to any prying eyes. (colleagues, etc...) Thanks in advance, -- You are receiving this mail because: You are watching all bug changes.