Public bug reported:
on todays image (krillin rtm-proposed r21) with ONLY auto suggest
language option on I get:
13:57 < asac> 1. kill terminal
13:57 < asac> 2. open terminal and enter pin
13:57 < asac> 3. click in terminal pastes my pin :)
obviously not good for security. Think might be bad.
Seems its not getting to dictionary at least:
13:58 < asac> 4. /me uses backspace to delete
13:58 < asac> 5. type ls
13:58 < asac> 6. type first digit of pin -> does not suggest my pin
This doesn't happen if I turn auto suggestion off. Not sure if the paste
is what doesn't happen or the clipboarding doesn't happen. Surely
important to check out and know for sure.
We should check other credential prompts too: pin lock screen, sim pin
etc.
Haven't tried, but I assume UITK password fields and browser dont have
that, but might be worth checking.
Thanks!
** Affects: ubuntu-keyboard (Ubuntu)
Importance: Critical
Status: New
** Tags: rtm14
** Description changed:
- on todays image (krillin rtm-proposed r21)
+ on todays image (krillin rtm-proposed r21) with ONLY auto suggest
+ language option on I get:
- 13:57 < asac> 1. kill terminal
+ 13:57 < asac> 1. kill terminal
13:57 < asac> 2. open terminal and enter pin
13:57 < asac> 3. click in terminal pastes my pin :)
obviously not good for security. Think might be bad.
Seems its not getting to dictionary at least:
13:58 < asac> 4. /me uses backspace to delete
13:58 < asac> 5. type ls
13:58 < asac> 6. type first digit of pin -> does not suggest my pin
- we should check other credential prompts too: pin lock screen, sim pin
+ This doesn't happen if I turn auto suggestion off. Not sure if the paste
+ is what doesn't happen or the clipboarding doesn't happen. Surely
+ important to check out and know for sure.
+
+ We should check other credential prompts too: pin lock screen, sim pin
etc.
Haven't tried, but I assume UITK password fields and browser dont have
that, but might be worth checking.
Thanks!
** Changed in: ubuntu-keyboard (Ubuntu)
Importance: Undecided => Critical
** Tags added: rtm14
** Summary changed:
- auto suggest seems to copy credentials into clipboard
+ security issue? auto suggest seems to copy credentials into clipboard
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1366314
Title:
security issue? auto suggest seems to copy credentials into clipboard
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyboard/+bug/1366314/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
