https://bugs.kde.org/show_bug.cgi?id=464741
Bug ID: 464741
Summary: Undo in the screen locker should not be an option
Classification: Plasma
Product: kscreenlocker
Version: 5.25.5
Platform: Kubuntu
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: boghicieuse...@yahoo.com
Target Milestone: ---

SUMMARY
A screen locker shouldn't allow the user to use the "undo" function of the password input text. The scenario is the following: the user starts typing the password but before hitting "enter" decides to walk away from the computer and no longer unlock it. So they will clear the password from the input text (using the backspace key) and walk away. After this, an adversary getting physical access can simply hit CTRL+Z and then click on the "unhide/show password" button. This way the partial/entire password will be revealed.

STEPS TO REPRODUCE
1. Lock the screen (or run `/usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet --testing`)
2. Type the password but don't hit enter
3. Delete the password
4. Hit CTRL+Z

OBSERVED RESULT
The password is back in the text input area.

EXPECTED RESULT
The password should not be there.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 5.25.5
KDE Frameworks Version: 5.98.0
Qt Version: 5.15.6

ADDITIONAL INFORMATION
I've tested on the default Windows and Mac lockers and the "undo" does not work.
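
The behaviour reported above, as an added example that is not part of the original report and is not kscreenlocker or Qt code: a simplified C++ model of a text field with an undo history, replayed with and without history recording in password mode. `InputField`, `replayReport` and the sample secret are hypothetical, and the per-keystroke undo granularity is an assumption of the model.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model of a text input with an undo history. All names are
// hypothetical; this is not Qt or kscreenlocker code.
class InputField {
public:
    InputField(bool passwordMode, bool hardened)
        : keepHistory_(!(passwordMode && hardened)) {}

    void type(char c) { snapshot(); text_.push_back(c); }
    void backspace() {
        if (text_.empty()) return;
        snapshot();
        text_.pop_back();
    }

    // Ctrl+Z: restore the most recently recorded state, if any.
    bool undo() {
        if (history_.empty()) return false;
        text_ = history_.back();
        history_.pop_back();
        return true;
    }
    const std::string& text() const { return text_; }

private:
    // Hardened password fields never record earlier states of the secret.
    void snapshot() { if (keepHistory_) history_.push_back(text_); }
    bool keepHistory_;
    std::string text_;
    std::vector<std::string> history_;
};

// Steps 2-4 of the report: type the secret, erase it, press undo `presses`
// times. Returns what the "show password" toggle would then display.
std::string replayReport(bool hardened, const std::string& secret, int presses) {
    InputField field(/*passwordMode=*/true, hardened);
    for (char c : secret) field.type(c);
    for (std::string::size_type i = 0; i < secret.size(); ++i) field.backspace();
    for (int i = 0; i < presses; ++i) field.undo();
    return field.text();
}

int main() {
    // "hunter2" is a constructed sample value.
    std::cout << "history kept:    '" << replayReport(false, "hunter2", 7) << "'\n";
    std::cout << "history dropped: '" << replayReport(true, "hunter2", 7) << "'\n";
}
```

In the model, fewer undo presses than erased characters restore a prefix of the secret, which corresponds to the partial disclosure mentioned in the report; a field outside password mode keeps its normal undo behaviour.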