GNOME Bugzilla – Bug 766139
Typing fills in password entry before user selection
Last modified: 2017-02-15 11:11:29 UTC
After booting up my machine, I frequently forget that my session isn't locked, and will start typing my password. Instead of being ignored, the password entry is filled in. It's a potential security issue if one was to type their password without logging in, and that pre-typed password was used to log in as the user.
Well we should get rid of the screenshield entirely at the login screen which would fix this bug, but in the meantime, I'll attach a one-liner that should work.
Created attachment 327517
loginDialog: don't allow type ahead at the login screen
It's weird if after you select a username from the user list, there's a password already filled in. This commit disables that feature for the login screen (but keeps it intact for the unlock screen)
(In reply to Ray Strode [halfline] from comment #1)
> Well we should get rid of the screenshield entirely at the login screen
> which would fix this bug, but in the meantime, I'll attach a one-liner that
> should work.
How is this related to the screen shield? The problem happens when the screenshield isn't visible, and the user list is visible.
Not sure I follow. You're staring at a user list, and you start typing your password, realize you didn't mean to type your password, then click on your username, and the password is already filled in waiting for you? The only way I could see that happening is if you started typing while the screenshield was done.
(In reply to Ray Strode [halfline] from comment #4)
> Not sure I follow. You're staring at a user list, and you start typing your
> password, realize you didn't mean to type your password, then click on your
> username, and the password is already filled in waiting for you?
Usually only a few characters from the password, not all of it. Not sure what else is eating keystrokes.
> The only way I could see that happening is if you started typing while the
> screenshield was done.
The screenshield isn't there, the screen isn't in power save mode.
Are you typing the keys right at start up? Or is it at any point you're staring at the login screen user list?
(In reply to Ray Strode [halfline] from comment #6)
> Are you typing the keys right at start up? Or is it at any point you're
> staring at the login screen user list?
Any point where I'm staring at the user list in gdm.
Couldn't reproduce with the latest updates, I'll reopen when I can.
You were right, it's the power save mode/screenshield.
1. Boot computer
2. Stay on login screen and wait for screensaver
3. Screen goes black but no screen blank (that'd be a separate bug)
4. Type your password
5. Select user
6. Some parts of the password entry are already filled in
Can you try the patch?
Review of attachment 327517:
FWIW, the patch makes sense to me
Pushed to gnome-3-20 and gnome-3-22 as well
Attachment 327517 pushed as 93071d9 - loginDialog: don't allow type ahead at the login screen
*** Bug 755081 has been marked as a duplicate of this bug. ***
(In reply to Bastien Nocera from comment #12)
> Pushed to gnome-3-20 and gnome-3-22 as well
>
> Attachment 327517 pushed as 93071d9 - loginDialog: don't allow
> type ahead at the login screen
I should note that I tested it!