Package: util-linux
Version: 2.12r-19etch1
Debian Version: etch
Hi,
i have noted this strange behavior while logging in linux console :
let suppose the system is busy on heavy tasks and you try to login by insert
<username>+<CR>+<password>+<CR> in a fast way (that is without waiting
for "password:" prompt to be displayed), this results on clear password
showed on console.
To be more clear i attach a screenshoot rapresenting the screen of a virtual
machine i tried to loggin on whit the account "root/root"
("<username>/<password>").
You can see the password ("root") clearly displayed before the "Password:"
prompt.
A this stage the password is only showed on the screen and not "buffered"
because hitting the Enter Key results in a login failure -> must re-enter the
password after "Password:" prompt showed up.Think this is a security problem because clear password showed up. Regards, Andrea.
<<attachment: login-fail.png>>
