Your message dated Mon, 25 Aug 2008 20:43:12 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#496567: Password input field missing in xdm login mask
has caused the Debian Bug report #496567,
regarding Password input field missing in xdm login mask
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
496567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496567
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xdm
Version: 1:1.1.8-3
Severity: important
Lenny's xdm does not show the password input field initially,
it is only displayed after the user enters "Return".
This disables tab-switching, which is bad:
For a typical login typing sequence
username <TAB> password <RETURN>
the password will apper in cleartext in the username box.
Should anyone look over one's shoulder, this is a security
problem.
The login sequence given above is very customary, since
e.g. Windows requires a tab key to switch between the
fields in the login mask.
Claus
--
Claus Fischer <[EMAIL PROTECTED]>
http://www.clausfischer.com/
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
On Mon, Aug 25, 2008 at 20:27:04 +0200, Claus Fischer wrote:
> Package: xdm
> Version: 1:1.1.8-3
> Severity: important
>
How is this 'important' (a bug which has a major effect on the usability
of a package, without rendering it completely unusable to everyone)?
> Lenny's xdm does not show the password input field initially,
> it is only displayed after the user enters "Return".
>
> This disables tab-switching, which is bad:
> For a typical login typing sequence
>
> username <TAB> password <RETURN>
>
> the password will apper in cleartext in the username box.
> Should anyone look over one's shoulder, this is a security
> problem.
>
> The login sequence given above is very customary, since
> e.g. Windows requires a tab key to switch between the
> fields in the login mask.
>
Lenny's xdm doesn't know what the next prompt will be until after you've
typed in your username, because it uses PAM for this. So it can't show
the password field until after you've typed 'return' on the login field.
This is the same as login or ssh or everything else, as far as I can
tell. Closing as not a bug.
Cheers,
Julien
--- End Message ---
