Summary: | Password field allows deleted password to be restored with Ctrl+z | ||
---|---|---|---|
Product: | [Plasma] kscreenlocker | Reporter: | Gecko (kraut.space Jena) <gecko> |
Component: | general | Assignee: | David Edmundson <kde> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | bhush94, bugseforuns, gecko, kde, kde, kolAflash, mata987, mgraesslin, nate, oded, peter, simonandric5, subdiff |
Priority: | NOR | ||
Version: | 5.10.3 | ||
Target Milestone: | --- | ||
Platform: | Debian testing | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Gecko (kraut.space Jena)
2017-11-28 20:27:15 UTC
Practically no-one will type the right password then delete it...and the odds of an attacker stumbling across this at the right time seem incredibly flimsy. However, effective fix uploaded. Could you please add the phabricator link? https://phabricator.kde.org/D9040 was the link. It didn't get in for reasons I don't really agree with, but meh. I've also tried adding a key handler on the TextField to intercept it before Qt but that doesn't work as child events (which in QQC1 contain the real TextInput item) will get processed first. Only solution I can think of is a clone of our MouseEventFilter we have in kdeclarative. This issue (Ctrl-Z revealing previous attempts) is still present in kscreenlocker 5.13.4-1 on Arch Linux. Additionally, the reveal option also introduces another privacy issue: the clipboard contents can be extracted (Ctrl-V) and modified (Ctrl-C) (bug 388049). Git commit 505ce9929b2f36d8e29330f0accfbb83d654a8cd by David Edmundson. Committed on 15/01/2020 at 10:43. Pushed by davidedmundson into branch 'master'. [sddm-theme] Don't have a broken reveal password button Summary: sddm-greeter will have a button for the reveal password button, but due to sddm-greeter not loading a relevant QPT has no code to force it to load the breeze icon set. Without the breeze icon set, the clear button does not show. There are ways to solve this, but none are trivial or reliable. I threatened to do a revert in 5.12 (https://phabricator.kde.org/D9040) but the bug has still not been fixed since. Related: bug 396039 Reviewers: #plasma Subscribers: plasma-devel Tags: #plasma Differential Revision: https://phabricator.kde.org/D26675 M +1 -1 sddm-theme/Login.qml https://commits.kde.org/plasma-workspace/505ce9929b2f36d8e29330f0accfbb83d654a8cd *** Bug 422421 has been marked as a duplicate of this bug. *** isn't this a dup of bug #453828 ? Yes indeed, thanks. *** This bug has been marked as a duplicate of bug 453828 *** |