WPA passphrase is echoed in gui
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wicd |
Fix Released
|
Medium
|
David Paleino |
Bug Description
This bugreport is similar to bug #237735 (https:/
When entering the passphrase for encrypted networks, it is echoed in the input box and can therefore be read by anyone looking over my shoulder. Even though it might not be a security vulnerability in a technical sense, I consider it one because I am forced to make sure nobody is watching while typing, which can be impossible in public places. At my university for example I need to log into the PEAP encrypted WLAN using the username and passphrase for my main university account, which gives me also access to e-mail, vpn, examination results, e-learning platform etc. If someone gets hold of this data, they can easily impersonate me and cause serious trouble.
Please make the input box display asterisks, dots or nothing, as does every other password-dialog I am aware of. Expecting this (in my opinion normal and sane) behaviour, I was quite shocked to see my password echoed on screen.
Thanks for considering,
regards
Matthias Noe
visibility: | private → public |
Changed in wicd: | |
status: | New → Confirmed |
Changed in wicd: | |
status: | Fix Committed → Fix Released |
I have to correct myself, according to aptitude this is Wicd version 1.6.2.2-1 not 2.0 as shown by the "About" screen of the tray icon. Sorry.