Eidete

Eidete includes password input in the recordings

Bug #1126587 reported by KVG on 2013-02-15

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Eidete	Invalid	Undecided	Unassigned
	Gala	Invalid	Undecided	Unassigned

Bug Description

When Show pressed keys on screen is checked, Eidete shows the input in password fields. This can be really harmful!

ProblemType: Bug
DistroRelease: elementary OS 0.2
Package: eidete 0.1~r140-0+pkg10~precise1 [origin: LP-PPA-elementary-os-daily]
ProcVersionSignature: Ubuntu 3.2.0-37.58-generic 3.2.35
Uname: Linux 3.2.0-37-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.1+elementary3~precise1
Architecture: amd64
CrashDB: eidete
Date: Fri Feb 15 22:02:14 2013
ExecutablePath: /usr/bin/eidete
InstallationMedia: elementary OS 0.2 "Luna" - Beta 1 amd64 (20121114)
MarkForUpload: True
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: eidete
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

KVG (kvgkvg) wrote on 2013-02-15:

Dependencies.txt Edit (8.4 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (44.2 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (807 bytes, text/plain; charset="utf-8")
XsessionErrors.txt Edit (38.4 KiB, text/plain; charset="utf-8")

Revision history for this message

KVG (kvgkvg) wrote on 2013-02-15:

This bug may affect Gala and/or other projects too. It seems that it's too easy to key-log passwords.

Revision history for this message

Tom Beckmann (tombeckmann) wrote on 2015-01-17:

If at all you could report this against xserver or more precisely the xtst extension. Only "fix" to this issue would be to disable recording global events from an x client all together, as the concept of different input targets like "normal" text fields as opposed to password text fields is not known to the xserver.