I don't think this was fully fixed, here is a copy of comment 12 from Bug #36855: https://bugs.launchpad.net/ubuntu/+source/ubuntu-gdm-themes/+bug/36855/comments/12
This issue has security ramifications as well, it leads to passwords being logged (which is pretty bad IMO).

If you mistype your username or password, you are prompted to login again, starting with username. In many cases the user will just type the password again and hit enter, assuming he is re-prompted for password. The user is now prompted with the password field, but for him this is really confusing. Even if the user realizes what happened, there is no way the username can be fixed, so in most cases the user will hit enter again.

Two things happen:
- password is exposed in clear on the screen in the username field
- password ends up in clear in /var/log/auth.log (if the user presses enter for the second time)

I think the username and password fields should be shown at the same time, this would eliminate this problem.

The other fix that seems to be implemented in Karmic is to never prompt for username, use a face browser for that, and only prompt for password. In some cases you may really not want to list all the available accounts, so proper username/password fields should be available as an alternative.

--
Too easy to show your password by accidentally typing in the username field at login
https://bugs.launchpad.net/bugs/393177