Bug 67461 - root password passed in clear text when adding printers
Summary: root password passed in clear text when adding printers
Status: RESOLVED WAITINGFORINFO
Alias: None
Product: kcontrol
Classification: Miscellaneous
Component: kcmprintmgr (show other bugs)
Version: unspecified
Platform: Debian testing Linux
: NOR normal
Target Milestone: ---
Assignee: KDEPrint Devel Mailinglist
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-11-07 00:35 UTC by Alan J. Raveling
Modified: 2014-08-17 07:33 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Alan J. Raveling 2003-11-07 00:35:06 UTC 
Version:            (using KDE KDE 3.1.3)
Installed from:    Debian testing/unstable Packages
OS:          Linux

When adding a printer to a local machine, I am prompted for the root password.  By chance, the local machine's root password begins with an exclaimation mark (!).  When I provided the root password, an error was returned saying that an event was not found.  The event it sited happened to the the rest of my root passwor after the exclaimation mark.  As soon as I changed my root password to something that did not have ! at the beginning I was able to successfully add printers.
Upon futher investigation into the matter, it seems that anyone, with carefull looking, can catch the root password by whatching the processes of the computer when adding a printer.
I feel this is a security hole which should be fixed.
Comment 1 Michael Goffioul 2004-02-25 14:20:05 UTC 
Could you provide some screenshot of the error dialog you get. When adding a printer, passwords are managed at CUPS-level: CUPS requests a password, KDEPrint catches the request and popup the password dialog, the password is fed back to CUPS. I don't see where you could get such an error notification.
(Sorry for the late answer).