Bug 304808

Summary: Password is visible when using su to switch user in konsole
Product: [Applications] konsole Reporter: Bhupal Reddy <p.bhupalreddy>
Component: generalAssignee: Konsole Developer <konsole-devel>
Status: RESOLVED REMIND    
Severity: major    
Priority: NOR    
Version: 2.7.4   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: attachment-18376-0.html
attachment-18376-1.dat
screenshot_password.png

Description Bhupal Reddy 2012-08-08 16:59:45 UTC
During switch user the password that I type is visible. It's not encrypted. 

Reproducible: Always
Comment 1 Jekyll Wu 2012-08-08 17:11:22 UTC
You mean your password is echoed as it is instead of ***** when using command su to switch to another user in konsole?  

That is most likely a problem of su(or maybe sudo), but unlikely a problem of konsole(or any terminal emulator).  A simple test: try the same thing in another terminal emulator, say xterm or rxvt-unicode, and see whether your password is also visible there.  

By the way, please always fill the "Version" field when reporting bug .
Comment 2 Bhupal Reddy 2012-08-09 11:06:32 UTC
Mr Jekyll Wu,

Thank you for your response. What you understood from my email is correct.
The password is not echoed in other terminal. Please let me know how to
overcome this.

Thanking you,

Yours faithfully,

-- Bhupal Reddy

On Wed, Aug 8, 2012 at 10:41 PM, Jekyll Wu <adaptee@gmail.com> wrote:

> https://bugs.kde.org/show_bug.cgi?id=304808
>
> Jekyll Wu <adaptee@gmail.com> changed:
>
>            What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>              Status|UNCONFIRMED                 |NEEDSINFO
>          Resolution|---                         |WAITINGFORINFO
>
> --- Comment #1 from Jekyll Wu <adaptee@gmail.com> ---
> You mean your password is echoed as it is instead of ***** when using
> command
> su to switch to another user in konsole?
>
> That is most likely a problem of su(or maybe sudo), but unlikely a problem
> of
> konsole(or any terminal emulator).  A simple test: try the same thing in
> another terminal emulator, say xterm or rxvt-unicode, and see whether your
> password is also visible there.
>
> By the way, please always fill the "Version" field when reporting bug .
>
> --
> You are receiving this mail because:
> You reported the bug.
>
Comment 3 Jekyll Wu 2012-08-09 14:37:14 UTC
Thanks for the feedback. It is strange that only konsole has that problem :( . To be honest, I currently have no idea where the thing might go wrong.

And your konsole version?  Run  "konsole --version" and paste the result here .
Comment 4 Bhupal Reddy 2012-08-09 16:20:25 UTC
Sir,

When I ran "konsole -- version", The following text appeared.
Qt: 4.7.4
KDE Development Platform: 4.7.2 (4.7.2) "release 5"
Konsole: 2.7.2

With regards,

-- Bhupal Reddy


On Thu, Aug 9, 2012 at 10:37 AM, Jekyll Wu <adaptee@gmail.com> wrote:

> https://bugs.kde.org/show_bug.cgi?id=304808
>
> Jekyll Wu <adaptee@gmail.com> changed:
>
>            What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>              Status|NEEDSINFO                   |UNCONFIRMED
>          Resolution|WAITINGFORINFO              |---
>
> --- Comment #3 from Jekyll Wu <adaptee@gmail.com> ---
> Thanks for the feedback. It is strange that only konsole has that problem
> :( .
> To be honest, I currently have no idea where the thing might go wrong.
>
> And your konsole version?  Run  "konsole --version" and paste the result
> here .
>
> --
> You are receiving this mail because:
> You reported the bug.
>
Comment 5 Jekyll Wu 2012-08-14 13:54:32 UTC
Created attachment 73186 [details]
attachment-18376-0.html

For the record, could you please attach a screenshot demonstrating the problem (visible password )? . Of course, it is advisable to not use a real user account for demonstrating.
Comment 6 Bhupal Reddy 2012-08-15 13:13:40 UTC
Sir,

Please find attached the screen shot.

With regards,

-- Bhupal Reddy

On Tue, Aug 14, 2012 at 9:54 AM, Jekyll Wu <adaptee@gmail.com> wrote:

> https://bugs.kde.org/show_bug.cgi?id=304808
>
> Jekyll Wu <adaptee@gmail.com> changed:
>
>            What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>             Version|unspecified                 |2.7.4
>
> --- Comment #5 from Jekyll Wu <adaptee@gmail.com> ---
> For the record, could you please attach a screenshot demonstrating the
> problem
> (visible password )? . Of course, it is advisable to not use a real user
> account for demonstrating.
>
> --
> You are receiving this mail because:
> You reported the bug.
>
Comment 7 Bhupal Reddy 2012-08-15 13:13:40 UTC
Created attachment 73187 [details]
attachment-18376-1.dat
Comment 8 Bhupal Reddy 2012-08-15 13:13:40 UTC
Created attachment 73188 [details]
screenshot_password.png
Comment 9 Jekyll Wu 2012-08-15 14:18:15 UTC
Thanks for the screenshot. Raise the severity of this report
Comment 10 Jekyll Wu 2012-08-15 14:19:28 UTC
Comment on attachment 73186 [details]
attachment-18376-0.html

>Sir, <br><br>Please find attached the screen shot.<br><br>With regards, <br><br>-- Bhupal Reddy <br><br><div class="gmail_quote">On Tue, Aug 14, 2012 at 9:54 AM, Jekyll Wu <span dir="ltr">&lt;<a href="mailto:adaptee@gmail.com" target="_blank">adaptee@gmail.com</a>&gt;</span> wrote:<br>
><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><a href="https://bugs.kde.org/show_bug.cgi?id=304808" target="_blank">https://bugs.kde.org/show_bug.cgi?id=304808</a><br>
>
><br>
>Jekyll Wu &lt;<a href="mailto:adaptee@gmail.com">adaptee@gmail.com</a>&gt; changed:<br>
><br>
>           What    |Removed                     |Added<br>
>----------------------------------------------------------------------------<br>
></div>            Version|unspecified                 |2.7.4<br>
><br>
>--- Comment #5 from Jekyll Wu &lt;<a href="mailto:adaptee@gmail.com">adaptee@gmail.com</a>&gt; ---<br>
>For the record, could you please attach a screenshot demonstrating the problem<br>
>(visible password )? . Of course, it is advisable to not use a real user<br>
>account for demonstrating.<br>
><div class="HOEnZb"><div class="h5"><br>
>--<br>
>You are receiving this mail because:<br>
>You reported the bug.<br>
></div></div></blockquote></div><br>
>
Comment 11 Jekyll Wu 2012-09-15 14:19:52 UTC
So far I haven't managed to reproduce this issue using any distribution on my machine (Arch,Gentoo,Fedora,Ubuntu). So I need to ask more questions :

1. Are you using openSUSE as implied in the screenshot? Have you encountered that problem when using other distributions?

2. I notice that you are using SCIM as your input method in the screenshot. Does the problem happen when you does not use input method at all? When I say "don't' use input method at all" I mean killing all the processes related with scim, instead of just switching off the input method.

3. Just to clarify something: the password in the screenshot is highlighted/selected.  Is the password shown immediately after typing, or is it visible only after that area is selected ?


I only find two similar reports[1][2] after searching hard using Google. So there are 3 reports in 7 years. That implies this issue probably really exists, but it happens rarely and no one has figured out what is needed to reproduce . Now I have to rely on you to do some investigation and provide more information, so that we can isolate and identify the root cause. Thanks in advance.

[1] https://bugs.kde.org/show_bug.cgi?id=103733
[2] https://bugzilla.novell.com/show_bug.cgi?id=518639
Comment 12 Jekyll Wu 2012-09-25 17:27:14 UTC
@Bhupal:

Could you please try to provide some information requested in comment #11?  We really need some hints from you to push the thing forward.
Comment 13 Bhupal Reddy 2012-09-26 02:18:23 UTC
Sir, I am using OpenSUSE Education 12.1. I have used Print Screen key on my
keyboard to take screenshot. I do not know what SCIM is. I have not
encounter this problem in UBUNTU. While typing password got selected
automatically. The password is shown in my office system as well as home
system. In my home system I reinstalled opensuse using ext4 and btrfs file
system. Earlier the file system was ext4 only.

With regards,

-- Bhupal Reddy

PS: I would be very grateful to you if you could help me in configuring
fedena in opensuse. I tried a lot but to no avail.

On Tue, Sep 25, 2012 at 10:57 PM, Jekyll Wu <adaptee@gmail.com> wrote:

> https://bugs.kde.org/show_bug.cgi?id=304808
>
> --- Comment #12 from Jekyll Wu <adaptee@gmail.com> ---
> @Bhupal:
>
> Could you please try to provide some information requested in comment #11?
>  We
> really need some hints from you to push the thing forward.
>
> --
> You are receiving this mail because:
> You reported the bug.
>
Comment 14 Jekyll Wu 2012-09-26 14:39:17 UTC
(In reply to comment #13)
> I do not know what SCIM is. 

SCIM is an input method framework . You are already using it, as implied by the small floating panel  in the right bottom corner in the screenshot.

> While typing password got selected automatically. 

So after you start typing password, the password is not only immediately visible, but also automatically selected/highlighted as in the screenshot? That  is really something I don't understand.

> PS: I would be very grateful to you if you could help me in configuring
> fedena in opensuse. I tried a lot but to no avail.

Sorry, but I have no idea what 'fedena' is. Can't help here.

(In reply to direct mail from Bhupal)
> After reinstalling OpenSUSE in my home system, password is not visible.

It is good that the problem is now gone for you, but it is also bad that now nobody can reproduce and provide more information...
Comment 15 Jekyll Wu 2012-10-06 15:33:09 UTC
Close this report for now, because unfortunatly the track is lost again :( 

@Bhupal, if the problem happens to you again, do not hesitate in adding more information in this report.
Comment 16 Bhupal Reddy 2012-10-07 08:18:50 UTC
Sir,

Now I am using openSUSE 12.2. No password is visible in this version. Thank
you for your efforts. I would be grateful if you could tell me how to
improve my knowledge in Linux.

With regards,

-- Bhupal Reddy

On Sat, Oct 6, 2012 at 9:03 PM, Jekyll Wu <adaptee@gmail.com> wrote:

> https://bugs.kde.org/show_bug.cgi?id=304808
>
> Jekyll Wu <adaptee@gmail.com> changed:
>
>            What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>              Status|UNCONFIRMED                 |RESOLVED
>          Resolution|---                         |REMIND
>
> --- Comment #15 from Jekyll Wu <adaptee@gmail.com> ---
> Close this report for now, because unfortunatly the track is lost again :(
>
> @Bhupal, if the problem happens to you again, do not hesitate in adding
> more
> information in this report.
>
> --
> You are receiving this mail because:
> You reported the bug.
>