Bug 503596 - User's top clipboard item can be pasted on the lock screen
Summary: User's top clipboard item can be pasted on the lock screen
Status: CONFIRMED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Screen locking (other bugs)
Version First Reported In: 6.3.4
Platform: Arch Linux Linux
: NOR normal
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
: 504189 (view as bug list)
Depends on:
Blocks:
 
Reported: 2025-05-01 00:38 UTC by Aquamagister
Modified: 2025-05-14 06:53 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Aquamagister 2025-05-01 00:38:39 UTC 
SUMMARY
Locked SDDM can be opened with a user password copied to Clipboard with Ctrl+V. 

STEPS TO REPRODUCE
1.  Open any text editor (Kate).
2.  Write your login password that you use for SDDM login screen.
3.  Mark and copy the password to Clipboard with Ctrl+C.
4.  Lock your session.
5.  Press Ctrl+V and you are back in your current user account.

OBSERVED RESULT
Clipboard is leaking a user password to SDDM.

EXPECTED RESULT
Clipboard should not work on locked SDDM.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 6.13.0
Qt Version: 6.9.0
Kernel Version: 6.14.4-arch1-2 (64-bit)
Graphics Platform: Wayland
Processors: 32 × AMD Ryzen 9 9950X3D 16-Core Processor
Memory: 67.0 GB of RAM
Graphics Processor: AMD Radeon Graphics (AMD RX 9070/9070 XT [Discrete])


ADDITIONAL INFORMATION
N/A
Comment 1 Nate Graham 2025-05-02 14:40:26 UTC 
Can confirm. Not a critical bug though since it doesn't lead to data loss, and isn't really even security-sensitive. If you copy your user password to the clipboard, you're asking for trouble, just in general.

We should still change this though.
Comment 2 cwo 2025-05-14 06:53:25 UTC 
*** Bug 504189 has been marked as a duplicate of this bug. ***