Bug ID 1175050
Summary SDDM Greeter - Password field - reveal password button has been removed
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
OS openSUSE Factory
Status NEW
Severity Major
Priority P5 - None
Component Release Notes
Assignee sknorr@suse.com
Reporter bugrprt21882@online.de
QA Contact lubos.kocman@suse.com
Found By ---
Blocker --- 

Please add to the Leap 15.2 Release Notes an issue as follows ��� rough text only
��� it needs to be edited:

Due to a security issue with the current KDE Plasma version, the SDDM "reveal
password" button - the "eye" at the right hand end of the Password field - has,
as of Leap 15.2, been removed.

The relevant KDE Bug Reports are here:
<https://bugs.kde.org/show_bug.cgi?id=396039>
<https://bugs.kde.org/show_bug.cgi?id=387418>

The relevant KDE Phabricator commit is here:
<https://phabricator.kde.org/D26675>

The security issue is as follows - also with Leap 15.1:
 1. At a locked session screen, enter a password, valid or invalid,
    doesn't matter.
 2. Clear the password and go away.
 3. Someone else happens to notice the locked session screen and types
    <Ctrl-Z>, and then clicks the "eye" button.
 4. The last password attempt is displayed as clear text.

You are receiving this mail because: