http://bugzilla.opensuse.org/show_bug.cgi?id=1175050 Bug ID: 1175050 Summary: SDDM Greeter - Password field - reveal password button has been removed Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: openSUSE Factory Status: NEW Severity: Major Priority: P5 - None Component: Release Notes Assignee: sknorr@suse.com Reporter: bugrprt21882@online.de QA Contact: lubos.kocman@suse.com Found By: --- Blocker: --- Please add to the Leap 15.2 Release Notes an issue as follows – rough text only – it needs to be edited: Due to a security issue with the current KDE Plasma version, the SDDM "reveal password" button - the "eye" at the right hand end of the Password field - has, as of Leap 15.2, been removed. The relevant KDE Bug Reports are here: <https://bugs.kde.org/show_bug.cgi?id=396039> <https://bugs.kde.org/show_bug.cgi?id=387418> The relevant KDE Phabricator commit is here: <https://phabricator.kde.org/D26675> The security issue is as follows - also with Leap 15.1: 1. At a locked session screen, enter a password, valid or invalid, doesn't matter. 2. Clear the password and go away. 3. Someone else happens to notice the locked session screen and types <Ctrl-Z>, and then clicks the "eye" button. 4. The last password attempt is displayed as clear text. -- You are receiving this mail because: You are on the CC list for the bug.