soc-se-bot
commented
1 year ago Team's Response
It does not make sense to ask the user to enter a password when they have not explicitly set a password (can be empty).
If a user locks the application knowing that a password has not been set:
- If they have read the user guide, they know that they can leave the password field empty to unlock the application.
- However, if they have not, the next time they start the application they will not be asked for a password.
This is illustrated in the implementation details in the DG. link
This is not a functionality bug as the application is working as intended.
The severity should be low as users are unlikely to want to lock the application when they have not yet set up a password.
Items for the Tester to Verify
:question: Issue response
Team chose [response.Rejected]
- [ ] I disagree
Reason for disagreement: [replace this with your explanation]
:question: Issue type
Team chose [type.FeatureFlaw]
Originally [type.FunctionalityBug]
- [x] I disagree
Reason for disagreement: This is a deviation from the intended result, which as mentioned above is that the lock screen should maintain, similar to if the password was manually set to "". Hence it is a functionality bug.
:question: Issue severity
Team chose [severity.Low]
Originally [severity.Medium]
- [x] I disagree
Reason for disagreement: This is a medium flaw as it can affect many users who will simply use the default lock feature without setting a password, as it is mentioned that this is possible in the UG. As this is also a security breach, it should be treated more seriously and hence it should be a Medium severity issue.
After locking the app, by clicking on the close button shown below, then relaunching the app, one goes straight into the Ui.
This problem only happens when the password has not been set. Changing the password to an empty password via
password new/does not produce this issue.