Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Very dangerous error in tty terminal !

Hi. I confronted by a sever issue in tty terminal. I suffer from it since I was on Fedora 24 & 26 ! It is still existing in Fedora 28

When I switched to tty terminal it asked me for user name. I enter it. Then it asked me to enter password of that account & here is the issue: if I enter wrong password (because I'm human & vulnerable for error) it will say it is wrong & will ask to enter password again. When, immediately, I try to re-enter password again, then before complete the typing of password ( in fact just after typing 2 characters from my long password) I will confronted by changing field for password into filed for user name ! The worst thing is that parts of password that I typed in 2 trail (1st 2 characters) will decrypted & appear unhidden ! This is very dangerous !

Moreover, during my examination for issue in it's last occusion today, I noticed the following:

  • I reboot my PC to do clean test,
  • I switched to tty terminal,
  • I enter my user name,
  • immediately started to type password wrongly to reproduce bug,
  • I clicked enter,
  • I, then, received message said wrong password & asked to try again,
  • I did not enter any thing this time & wait till end of time factor where I switched to enter user name again,
  • I entered user name,
  • then as quick as possible I entered password when asked for this (but this time I entered correct password),
  • I clicked enter,
  • and I faced with disaster: field for password changed to that user name & password was decrypted ( appeared as clear text) because it recognized as the user name !, & bellow that I saw message said: failed attempt for login, wrong password !

From my side I'm already opened bug in Redhat bugzilla but no replay though I put it as "critical" ! Please see"

https://bugzilla.redhat.com/show_bug.cgi?id=1598226

As you see in link, I select a wrong "component" (Terminal: which an XFCE terminal emulator) just to to post bug ! I searched for "tty terminal", "virtual terminal" but did not find them ! Any one can give me the correct "component" to be able to edit it in bug ?