Your message dated Mon, 25 Aug 2008 20:43:12 +0200 with message-id <20080825184312.GJ20815@patate.is-a-geek.org> and subject line Re: Bug#496567: Password input field missing in xdm login mask has caused the Debian Bug report #496567, regarding Password input field missing in xdm login mask to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 496567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496567 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Password input field missing in xdm login mask
- From: Claus Fischer <claus.fischer@clausfischer.com>
- Date: Mon, 25 Aug 2008 20:27:04 +0200
- Message-id: <[🔎] 20080825182704.GB27203@clausfischer.com>
Package: xdm Version: 1:1.1.8-3 Severity: important Lenny's xdm does not show the password input field initially, it is only displayed after the user enters "Return". This disables tab-switching, which is bad: For a typical login typing sequence username <TAB> password <RETURN> the password will apper in cleartext in the username box. Should anyone look over one's shoulder, this is a security problem. The login sequence given above is very customary, since e.g. Windows requires a tab key to switch between the fields in the login mask. Claus -- Claus Fischer <claus.fischer@clausfischer.com> http://www.clausfischer.com/Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Claus Fischer <claus.fischer@clausfischer.com>, 496567-done@bugs.debian.org
- Subject: Re: Bug#496567: Password input field missing in xdm login mask
- From: Julien Cristau <jcristau@debian.org>
- Date: Mon, 25 Aug 2008 20:43:12 +0200
- Message-id: <20080825184312.GJ20815@patate.is-a-geek.org>
- In-reply-to: <[🔎] 20080825182704.GB27203@clausfischer.com>
- References: <[🔎] 20080825182704.GB27203@clausfischer.com>
On Mon, Aug 25, 2008 at 20:27:04 +0200, Claus Fischer wrote: > Package: xdm > Version: 1:1.1.8-3 > Severity: important > How is this 'important' (a bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone)? > Lenny's xdm does not show the password input field initially, > it is only displayed after the user enters "Return". > > This disables tab-switching, which is bad: > For a typical login typing sequence > > username <TAB> password <RETURN> > > the password will apper in cleartext in the username box. > Should anyone look over one's shoulder, this is a security > problem. > > The login sequence given above is very customary, since > e.g. Windows requires a tab key to switch between the > fields in the login mask. > Lenny's xdm doesn't know what the next prompt will be until after you've typed in your username, because it uses PAM for this. So it can't show the password field until after you've typed 'return' on the login field. This is the same as login or ssh or everything else, as far as I can tell. Closing as not a bug. Cheers, Julien
--- End Message ---