linuxmint / cinnamon

A Linux desktop featuring a traditional layout, built from modern technology and introducing brand new innovative features.
GNU General Public License v2.0

enter password to unlock screen - the end of the entered password will be written into a browser form if this is the currently active window #11867

Open acollet opened 1 year ago

acollet commented 1 year ago

Distribution

Linux Mint 21.2 Cinnamon

Package version

5.8.4

Graphics hardware in use

Intel CometLake-H GT2 [UHD Graphics] vendor: Dell driver: i915

Frequency

Quite often

Bug description

If I lock my screen I have to enter the password to unlock it. When I lock my screen at a state where the Google Chrome browser is the active window (never tried with other browsers) and the current web page in the browser features a form where one can type in text, then (sometimes, not always but quite often) this happens: after entering the correct password the screen gets unlocked (expected) and the active form in my browser now contains the last 4 characters of my password (unexpected and very much undesired). This happens frequently, not always. But any time it happens, it is when the active window was a browser with an activated form (my cursor was blinking in the form).

Steps to reproduce

  1. Have a browser open as active window with a form on the current page.
  2. Make sure that any keyboard stroke would be captured by the form, so that the form is currently really active.
  3. Then lock your screen with ctrl-alt-L (so by keyboard shortcut).
  4. Then unlock your screen via typing in your password.
  5. Have a look at the form that was active before unlocking the screen: quite frequently it will show the last 4 characters of your password.

Expected behavior

When typing in my password to unlock the screen I would expect that my password is only entered in the unlock screen dialog; none of this data shall be transferred to the active window behind the screen lock. If one is not careful here, one easily ends up sending the last 4 characters of one's password to a browser form.

Additional information

No response

Jakeory1 commented 1 month ago

My password leaks in full (in another program)!

Distribution: Linux Mint 22 Cinnamon

Cinnamon Version: 6.2.9

Frequency: Always

Bug Description: Password gets leaked in full when unlocking the screen. This is definitely the case for letters and numbers when running BizHawk and locking the screen with BizHawk as the active window. The password "1234567890" gets leaked in full. Since this way u gotta type fast, I haven't tested longer passwords.

Steps to reproduce

  1. Download BizHawk from https://github.com/TASEmulators/BizHawk/releases/tag/2.9.1
  2. Run BizHawk
  3. Change Keybindings (Config>Hotkeys>Save States) for selecting Save States to any keys you want to test
  4. Lock your screen whilst BizHawk is the active window
  5. Unlock
  6. Observe the changes in selected save states and the text displayed in the bottom left corner of BizHawk, this will tell you any key BizHawk noticed within the last sec or so. (I assume there is a limit on the number of keys u can see that way, it's at least 10)

Other: I obs expected the pswd not to be leaked ;) Please do change the title of this issue. I figured this is the same issue. However, if I should open another issue since this is much more severe than OP found, pls do tell me. I'm pretty new to this...