2014-09-06 12:15:28 |
Alexander Sack |
description |
on todays image (krillin rtm-proposed r21)
13:57 < asac> 1. kill terminal
13:57 < asac> 2. open terminal and enter pin
13:57 < asac> 3. click in terminal pastes my pin :)
obviously not good for security. Think might be bad.
Seems its not getting to dictionary at least:
13:58 < asac> 4. /me uses backspace to delete
13:58 < asac> 5. type ls
13:58 < asac> 6. type first digit of pin -> does not suggest my pin
we should check other credential prompts too: pin lock screen, sim pin etc.
Haven't tried, but I assume UITK password fields and browser dont have that, but might be worth checking.
Thanks! |
on todays image (krillin rtm-proposed r21) with ONLY auto suggest language option on I get:
13:57 < asac> 1. kill terminal
13:57 < asac> 2. open terminal and enter pin
13:57 < asac> 3. click in terminal pastes my pin :)
obviously not good for security. Think might be bad.
Seems its not getting to dictionary at least:
13:58 < asac> 4. /me uses backspace to delete
13:58 < asac> 5. type ls
13:58 < asac> 6. type first digit of pin -> does not suggest my pin
This doesn't happen if I turn auto suggestion off. Not sure if the paste is what doesn't happen or the clipboarding doesn't happen. Surely important to check out and know for sure.
We should check other credential prompts too: pin lock screen, sim pin etc.
Haven't tried, but I assume UITK password fields and browser dont have that, but might be worth checking.
Thanks! |
|