[Bug 302282] New: automatic login dialog display password in clear text
https://bugzilla.novell.com/show_bug.cgi?id=302282 Summary: automatic login dialog display password in clear text Product: openSUSE 10.3 Version: Beta 2 Platform: i586 OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: timlee@novell.com QAContact: jsrain@novell.com Found By: --- * clean install on build 20070821 into a vmware vm * created one user account (helix) * after initial installation completed was presented with dialog that said: Automatic login (helix)Password: * entered password in text box and the characters were echo'ed back as clear text. shouldn't the characters be echoed back as * characters. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=302282#c1
--- Comment #1 from Tim Lee
https://bugzilla.novell.com/show_bug.cgi?id=302282
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=302282#c4
--- Comment #4 from Ray Strode
https://bugzilla.novell.com/show_bug.cgi?id=302282#c5
--- Comment #5 from Ray Strode
https://bugzilla.novell.com/show_bug.cgi?id=302282#c6
--- Comment #6 from Ladislav Michnovič
So there is definitely a bug in GDM:
case PAM_PROMPT_ECHO_OFF: ... question_msg = g_strdup_printf ("question_msg=%s$$echo=%d", text, TRUE);
Note echo=1 is getting send in the command string to the daemon for the ECHO_OFF case of autologin.
autologin shouldn't ever ask for a password, though, so there is some bug in a pam module or the pam configuration.
It should ask for password. There is a parameter DISPLAYMANAGER_PASSWORD_LESS_LOGIN in /etc/sysconfig/displaymanager set to NO which should be honored. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=302282#c7
--- Comment #7 from Ray Strode
https://bugzilla.novell.com/show_bug.cgi?id=302282#c8
--- Comment #8 from Ray Strode
https://bugzilla.novell.com/show_bug.cgi?id=302282#c9
Thiago Sayao
https://bugzilla.novell.com/show_bug.cgi?id=302282#c10
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=302282#c11
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=302282#c12
--- Comment #12 from Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=302282
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=302282#c13
--- Comment #13 from JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=302282#c14
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=302282#c15
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=302282#c16
--- Comment #16 from Hans Petter Jansson
https://bugzilla.novell.com/show_bug.cgi?id=302282#c17
Christoph Thiel
https://bugzilla.novell.com/show_bug.cgi?id=302282#c18
--- Comment #18 from JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=302282#c19
JP Rosevear
participants (1)
-
bugzilla_noreply@novell.com