Using KDE neon, the lock screen crashes after entering too big a password (more than 10,000 or even 100,000) using the same login session and by entering the same password several times (3 times or more). This crashes sddm and a black screen appears with instructions about logging in manually. I am using Ubuntu 16.04 LTS with KDE neon version 4+p16.04+git20171020.0022 from this source. Got from `apt show neon-desktop`.
Steps to reproduce:
1- Boot the system.
2- Login to establish a session.
3- Lock the screen from the Application Launcher.
4- Entering password more than 10,000 (copy and paste) or even 100,000
5- Press enter
6- Repeat step one (4) several times.
This causes the lock screen to crash after 3 times from step (4) and a black screen appears with instructions about logging in manually from terminal.
What's important is that the security doesn't break. That's still given. We fallback to another mechanism. It would be nice to survive such attacks, but to a certain degree it doesn't really matter.
I know it doesn’t really matter. But KDE is a solid desktop environment and such a small bug like this must not exist. That’s why I switched from Ubuntu and their default Unity environment to this amazing one. If this small bug leaves us in a closed circle, I suppose to define a simple solution by limiting the number of password characters in a way which stops us seeing this bug forever and gives feedback to the user like “password is too long”. The Windows operating system does this mechanism. Sorry for my English.
(In reply to Martin Flöser from comment #1)
> What's important is that the security doesn't break. That's still given. We
> fallback to another mechanism. It would be nice to survive such attacks, but
> to a certain degree it doesn't really matter.
I propose not suppose
Thank you for the crash report. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved? I have set the bug status to "needsinfo" pending your response; please change back to "reported" or "resolved/worksforme" when you respond. Thank you.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!