Don't switch back to user name field if password is entered incorrectly

Bug #194905 reported by Markus Amalthea Magnuson
This bug affects 1 person
Affects: gdm (Ubuntu)
Status: Invalid
Importance: Wishlist
Assigned to: Ubuntu Desktop Bugs

Bug Description

If I enter an incorrect password at the login screen, I am thrown back to the user name field. Often, I then try to enter my password again as that is the natural thing to do.

This can actually be quite a catastrophe if someone is watching me log in, as my password will suddenly be seen in clear text; if I look at my keyboard while writing, which many users do, chances are I will reveal my whole password before noticing myself.

The login screen should stay at the password field if my password is incorrect.

Sebastien Bacher (seb128) wrote :

Thank you for your bug report. That's not a bug; the mistake could be in the username you entered.

Changed in gdm:
assignee: nobody → desktop-bugs
importance: Undecided → Wishlist
status: New → Invalid
(4M)Stephen (sasimon19) wrote :

I guess his suggestion is that once the username is entered, Ubuntu checks to see if that username exists, then allows them to re-enter the password until they get it correct...

But this could be a security issue: someone could not know a username on an Ubuntu computer and guess away. With the joint username/password error, the "guesser" wouldn't know which was incorrect...

Morten Sørvig (msorvig) wrote :

Please, this is a real security issue, I just typed my password in the clear. I would go so far as to say that this is worse than the potential username guessing Stephen describes. If the attacker has physical access to the machine all security is usually lost anyway.

However, there is no need to choose between these two alternatives: if you display two text edit fields you can keep the keyboard focus on the password field while not giving away whether or not the user name is valid.
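
The two-field approach from the last comment, sketched as an added example (this is not gdm code and not from any commenter): a failed login returns the same message and keeps focus on the masked password field whether the user name or the password was wrong. The account store, field names and the `attempt_login` function are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value, kept low so the demo runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store (hypothetical user and password).
USERS = {"alice": make_record("correct horse")}
# Dummy record: unknown user names cost the same hashing work as known ones.
_DUMMY = make_record("placeholder")


def attempt_login(form: dict) -> dict:
    """Both fields are submitted together; returns the next UI state."""
    username = form.get("username", "")
    password = form.get("password", "")
    salt, expected = USERS.get(username, _DUMMY)
    # Always hash and compare, then require that the account really exists.
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if matches and username in USERS:
        return {"authenticated": True}
    return {
        "authenticated": False,
        # One message for both failure causes: no hint which field was wrong.
        "message": "Incorrect user name or password.",
        "username": username,  # keep the visible field as typed
        "password": "",        # clear the masked field
        # Retyped keystrokes land in the masked field, not the visible one.
        "focus": "password",
    }
```
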
