Bug 343957

Summary:	Input methods should be disabled for the password field in the lock screen
Product:	[Unmaintained] ksmserver	Reporter:	Sylvain <ago.sylvain>
Component:	lockscreen	Assignee:	David Edmundson <kde>
Status:	RESOLVED DUPLICATE
Severity:	normal
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	Arch Linux
OS:	Linux
Latest Commit:		Version Fixed In:
Sentry Crash Report:
Attachments:	Visible password in lock screen when using ibus input methods

Description Sylvain 2015-02-09 08:47:10 UTC

Input methods (ibus, scim, etc.) for complex languages should be disabled in the lock screen for the password field as this can revele the password of the user.

Reproducible: Always

Steps to Reproduce:
1.Set the default input methods of KDE as ibus with mozc for japanese input (should work with other too).
2.Select the hiragana input
3.Wait for the screen to lock and start typing your password

Actual Results:  
The password is revealed as such input methods require first to type the phonetic (direct input from the keyboard) then select the right ideogram and confirm enter. Then and only then the password is considered as text and hiden using the bullet.

Expected Results:  
The input method is disabled and direct input is used. In fact I don't think that on linux it is possible to set a password in japanese. So keeping the input method on for entering the password is of no utility. Moreover there is no feedback to know what input method is used other than start typing something.

This may be considered as a security bug as the password is revealed.

Comment 1 Martin Flöser 2015-02-09 08:49:34 UTC


*** This bug has been marked as a duplicate of bug 306932 ***

Comment 2 Sylvain 2015-02-09 08:50:39 UTC

Created attachment 90988 [details]
Visible password in lock screen when using ibus input methods

I didn't know how to take a screenshot of the lock screen so I took a picture of it, sorry for the quality.

Comment 3 Sylvain 2015-02-09 08:51:30 UTC

Sorry I didn't look in the good component...