https://bugs.kde.org/show_bug.cgi?id=430750
Bug ID: 430750
Summary: [Uncategorizable] Unpredictable focus switch between
application is a possible way to steal password
Product: kwin
Version: 5.20.4
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: wayland-generic
Assignee: kwin-bugs-n...@kde.org
Reporter: jonas-miles-kw...@luxusmail.gq
Target Milestone: ---
SUMMARY
STEPS TO REPRODUCE
1. Launch two application at the same time one that is very quick to launch
(eg: konsole) and the other that is more slow (eg: firefox)
2. start to enter something in the first one, eg: your password to enter some
sudo command
3. Observe that the focus can be switched in the middle of your input
and if your were looking at your keyboard and not your screen,
you can enter your full password in the bad application and noticing it only
when it's too late.
In the worst case someone can use this random focus switch to create a
password stealer, in the usual case it allows your password to be entered in a
clear textedit that some behind you can read over your shoulder.
OBSERVED RESULT
EXPECTED RESULT
There should be some kind of focus lock on keyboard input to avoid those
problem.
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma:
(available in About System)
KDE Plasma Version:
KDE Frameworks Version:
Qt Version:
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
