>Out of interest, in which use case does it improve security to not
>show the length of the password?
Just setting up Ubuntu Server 11.04 with Full Disk Encryption (through
Installer).
Besides this annoying echoing the password length is written to tty7, where
anyone with physical access can rea
Password length gets written and logged to tty7 on Ubuntu Server 11.04.
This is unacceptable, because everyone with physical access is able to read
that.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: plymouth
Ubuntu Server 11.04 with Full Disk Encryption with LVM through installer.
No graphical interface installed; only text-mode.
Besides the echoing of the line "Unlocking the disk ...", which go
** Description changed:
Binary package hint: plymouth
Ubuntu Server 11.04 with Full Disk Encryption with LVM through installer.
No graphical interface installed; only text-mode.
Besides the echoing of the line "Unlocking the disk ...", which got fixed,
the password length is visible
