Bug 414399 - sleeping the computer doesn't clear out password field
Summary: sleeping the computer doesn't clear out password field
Status: RESOLVED FIXED
Alias: None
Product: kscreenlocker
Classification: Plasma
Component: general (show other bugs)
Version: 5.10.3
Platform: Archlinux Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-22 17:38 UTC by joey.joey586
Modified: 2019-12-06 18:14 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.18


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description joey.joey586 2019-11-22 17:38:30 UTC
SUMMARY
Typing the password into the password field, sleeping the computer, then waking it up doesn't clear the password field

STEPS TO REPRODUCE
1. Sleep the computer
2. Wake up the computer, then type the password
3. Sleep the computer again, then wake it up again

OBSERVED RESULT
Password field is not cleared, which is a problem because a malicious person can just press Enter to unlock the computer

EXPECTED RESULT
The password field should be cleared even when sleeping without unlocking the computer

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.17.3
KDE Frameworks Version: 5.64.0
Qt Version: 5.13.2
Kernel Version: 5.3.11-arch1-1
OS Type: 64-bit
Processors: 4 × Intel® Core™ i5-7200U CPU @ 2.50GHz
Memory: 11.5 GiB of RAM


ADDITIONAL INFORMATION
Not sure what version of kscreenlocker but "pacman -Ss kscreenlocker" says the latest version as of writing this is 5.17.3.
Comment 1 joey.joey586 2019-11-22 18:09:20 UTC
This also happens when logging in to a user (after booting the computer)

1) After booting up, type in the password then sleep the computer/laptop without logging in

2) wake up the computer, and typed password will remain in password field
Comment 2 Méven Car 2019-11-23 16:28:10 UTC
Git commit a4e18e2be1348e7d6fd7fbe0c553ef0eb7120319 by Méven Car.
Committed on 23/11/2019 at 16:28.
Pushed by meven into branch 'master'.

[lockscreen] Clear password field when system suspends

Summary:
FIXED-IN: 5.18

Test Plan:
1. Lock screen
2. type something in the password field
3. Close lid/suspend system
4. Reopen Lid

Before:
Password text is kept as in step 2

After:
Password text is empty

Reviewers: #plasma, broulik, davidedmundson

Reviewed By: #plasma, davidedmundson

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D25487

M  +2    -0    libkworkspace/sessionmanagement.cpp
M  +11   -0    lookandfeel/contents/lockscreen/LockScreenUi.qml

https://commits.kde.org/plasma-workspace/a4e18e2be1348e7d6fd7fbe0c553ef0eb7120319