Bug 343957

Summary: Input methods should be disabled for the password field in the lock screen
Product: [Unmaintained] ksmserver Reporter: Sylvain <ago.sylvain>
Component: lockscreenAssignee: David Edmundson <kde>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Visible password in lock screen when using ibus input methods

Description Sylvain 2015-02-09 08:47:10 UTC 
Input methods (ibus, scim, etc.) for complex languages should be disabled in the lock screen for the password field as this can revele the password of the user.

Reproducible: Always

Steps to Reproduce:
1.Set the default input methods of KDE as ibus with mozc for japanese input (should work with other too).
2.Select the hiragana input
3.Wait for the screen to lock and start typing your password

Actual Results:  
The password is revealed as such input methods require first to type the phonetic (direct input from the keyboard) then select the right ideogram and confirm enter. Then and only then the password is considered as text and hiden using the bullet.

Expected Results:  
The input method is disabled and direct input is used. In fact I don't think that on linux it is possible to set a password in japanese. So keeping the input method on for entering the password is of no utility. Moreover there is no feedback to know what input method is used other than start typing something.

This may be considered as a security bug as the password is revealed.
Comment 1 Martin Flöser 2015-02-09 08:49:34 UTC 

*** This bug has been marked as a duplicate of bug 306932 ***
Comment 2 Sylvain 2015-02-09 08:50:39 UTC 
Created attachment 90988 [details]
Visible password in lock screen when using ibus input methods

I didn't know how to take a screenshot of the lock screen so I took a picture of it, sorry for the quality.
Comment 3 Sylvain 2015-02-09 08:51:30 UTC 
Sorry I didn't look in the good component...