search

elementary / greeter

Login and Lock Screen greeter for elementary OS and Pantheon, using LightDM
GNU General Public License v3.0
152 stars 39 forks source link

Clear password field on lock screen for more security #720

Closed spotlesscoder closed 1 month ago

spotlesscoder commented 3 months ago

What Happened?

Password masking characters stayed in password field after entering the wrong password. In case you leave the desk after having entered a wrong password, someone can come and count the amount of masking characters of the still visible password masking dots. This is one piece in the puzzle of guessing or bruteforcing a password. This information should not remain available on the screen

Steps to Reproduce

Enter wrong password in lock screen, hit enter and leave the PC

Expected Behavior

Password field is cleared automatically so no one can tell how many characters the password has

OS Version

7.x (Horus)

Software Version

Latest release (I have run all updates)

Log Output

No response

Hardware Info

No response

ryonakano commented 1 month ago

Thank you for your reporting, but I'll close this as a duplicate of #648.