GNU bug report logs -
#30190
27.0.50; term run in line mode shows user passwords
Previous Next
Reported by: Tino Calancha <tino.calancha <at> gmail.com>
Date: Sun, 21 Jan 2018 12:17:02 UTC
Severity: normal
Tags: confirmed, fixed, security
Found in versions 27.0.50, 24.3
Fixed in version 26.2
Done: Noam Postavsky <npostavs <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Sat, 3 Feb 2018, Noam Postavsky wrote:
> On Sat, Feb 3, 2018 at 9:23 PM, Tino Calancha <tino.calancha <at> gmail.com> wrote:
>
>>> Doesn't look like that much of a risk to me: the user immediately sees
>>> the problem, so it's more of a minor nuisance.
>>
>> It depends of the situation. Few years ago, my boss watched my password
>> because this thing; if the password would be an offensive word
>> against him (it wasn't, he was nice) I could be fired. I remember he
>> mnetioned very proudly that in vi editor the password is always hidden...
>>
>> This is also a risk while pair-programming; recently I am doing a lot with
>> several buddies. I suspect one of my passwords might be compromised.
>
> But why wouldn't you just switch to char-mode before entering your
> password? (which is kind of annoying to have to do, but still)
Because I am so focused in the coding task on hands that I hardly can
remember this password thing.
Such bookeeping is not a human task, it must be done by computers. Like
remember aniversaries: most of the people use tools to remember that its
your birthday.
This bug report was last modified 6 years and 358 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.