Bug 383768

Summary: Screen locker password input text field allows access to the copy/paste clipboard buffer
Product: [Unmaintained] kscreenlocker Reporter: Armin Jenewein <kde>
Component: greeterAssignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: major CC: bshah, luigi.toscano, mgraesslin
Priority: NOR    
Version First Reported In: 5.8.7   
Target Milestone: ---   
Platform: Debian unstable   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Armin Jenewein 2017-08-20 22:33:57 UTC 
After locking the screen, it is possible to use the Shift-Insert keyboard combination to paste the current clipboard content into (at least) the password input field, which get shown as asterisks, hence revealing the exact length of the current clipboard contents string at least, eventually worse.
Comment 1 Luigi Toscano 2017-08-20 22:55:53 UTC 
This is most likely already fixed in newer releases.
Comment 2 Martin Flöser 2017-08-21 05:54:56 UTC 
Fixed in newer release.
Comment 3 Christoph Feck 2017-08-21 17:19:42 UTC 

*** This bug has been marked as a duplicate of bug 376526 ***