[plasmashell] [Bug 449034] New: Screen lock textbox password visibility behaviour

bugzilla_noreply at kde.org bugzilla_noreply at kde.org
Sun Jan 23 22:22:26 GMT 2022 

https://bugs.kde.org/show_bug.cgi?id=449034

            Bug ID: 449034
           Summary: Screen lock textbox password visibility behaviour
           Product: plasmashell
           Version: 5.23.4
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: minor
          Priority: NOR
         Component: Theme - Breeze
          Assignee: visual-design at kde.org
          Reporter: dbruneau at dbruneau.me
                CC: plasma-bugs at kde.org
  Target Milestone: 1.0

SUMMARY
***
When pressing "escape" to reset the lock screen, it clears any entered password
text.  However, the visibility state does not get reset.  This can lead to
users getting tricked into revealing their password.
***


STEPS TO REPRODUCE
1. Lock your screen
2. Put text in the password box
3. Click on the password visibility toggle
4. Press "escape" (or wait until screen times out?)
5. Come back to type text in the password box

OBSERVED RESULT
The visibility state does not get reset at the same time as the password box
text gets reset.

EXPECTED RESULT
The visibility state gets reset to not show typed characters.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora KDE
(available in About System)
KDE Plasma Version: 5.23.4
KDE Frameworks Version: 5.89.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
I wouldn't call this a "bug".  More along the lines of a possible improvement
to be made to improve security.  If a workstation is left unattended, and
somebody toggles the text visibility, it's easy to type in your password
without noticing it will be showed to any prying eyes.  (colleagues, etc...)

Thanks in advance,

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Visual-design mailing list