Bug 464741 - Undo in the screen locker should not be an option
Summary: Undo in the screen locker should not be an option
Status: RESOLVED DUPLICATE of bug 453828
Alias: None
Product: kscreenlocker
Classification: Plasma
Component: general (show other bugs)
Version: 5.25.5
Platform: Kubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-24 13:59 UTC by boghicieusebiu
Modified: 2023-01-24 18:14 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description boghicieusebiu 2023-01-24 13:59:20 UTC
SUMMARY
A screen locker shouldn't allow the user to use the "undo" function of the password input text.
The scenario is the following: the user starts typing the password but before hitting "enter" decides to walk away from the computer and no longer unlock it. So it will clear the password from the input text (using backspace key) and walk away. After this, an adversary getting physical access, can simply hit CTRL+Z and then click on the "unhide/show password" button. This way the partial/entire password will be revealed.


STEPS TO REPRODUCE
1. Lock the screen (or run `/usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet --testing`)
2. Type the password but don't hit enter
3. Delete the password
4. Hit CTRL+Z

OBSERVED RESULT
The password is back in the text input area.

EXPECTED RESULT
The password should not be there.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 5.25.5
KDE Frameworks Version: 5.98.0
Qt Version: 5.15.6

ADDITIONAL INFORMATION
I've tested on the default Windows and Mac lockers and the "undo" does not work.
Comment 1 Bug Janitor Service 2023-01-24 14:33:30 UTC
Thank you for the bug report!

Please note that Plasma 5.25.5 is not supported for much longer by KDE; supported versions are 5.24, and 5.26 or newer.

If at all possible please upgrade to a supported version and verify that the bug is still happening there.

If you're unsure how to do this, contact your distributor about it.
Comment 2 boghicieusebiu 2023-01-24 16:32:02 UTC
I've tested in two VMs:
Kubuntu 22.04.1
KDE Plasma Version: 5.24.4

and

KDE Neon User edition
KDE Plasma Version: 5.26.5

It seems that the bug I described is present in Kubuntu and *not* in KDE Neon. I think this means it's not a bug anymore and this bug can be closed.
Comment 3 Nicolas Fella 2023-01-24 18:14:00 UTC
Yes, it has been fixed meanwhile

*** This bug has been marked as a duplicate of bug 453828 ***