Bugtraq mailing list archives
Re: Get paste kppp *'s
From: porten () KDE ORG (Harri Porten)
Date: Fri, 27 Aug 1999 01:12:19 +0200
Hi ! Tim Jones wrote:
Well alot of dial up tools do this put your password in * so you can let other people use your computer and dial up and they wont know what your password is..
Such usage is strongly discouraged. See below.
But in kppp all you have to do to fix out whats UNDER the * is just CUT and PASTE.. Thats right.. Just COPY the *'s and paste then to a term and you can see what there password is...
That's a bug in the password mode of the edit field appearing in Windows Style. As from Qt 2.0 the behavior is corrected and therefore won't show up in KDE 2.0 versions of kppp. To work around this problem in KDE 1.x either o switch your Desktop Style to Motif or o apply the following patch: --- main.cpp 1999/08/17 16:26:52 1.115.2.5 +++ main.cpp 1999/08/26 13:53:30 @@ -537,6 +537,7 @@ l1->addWidget(PW_Label, 2, 1); PW_Edit= new QLineEdit(this); + PW_Edit->setStyle(MotifStyle); PW_Edit->setEchoMode(QLineEdit::Password); MIN_WIDTH(PW_Edit); FIXED_HEIGHT(PW_Edit); @@ -1228,6 +1229,17 @@ AccountingBase::resetCosts(s); } A more elegant fix (in terms of _not_ breaking the visual appearance) has been applied to the CVS (kppp 1.6.22) and will be present in KDE 1.1.2.
I am not sure if this is a problem or what.. But there is no reason to have the *'s if they are so easy to get past...
Even with the pasting bug corrected it's still not recommended to setup *your* account for someone else. The asterisks are merely a simple mean to visually hide what is being typed. Someone with access to your account or being in possession of your PPP login configuration will always be able to snatch sensitive data in one way or the other. There's always the option of not checking the "Store password" option btw. Harri.
Current thread:
- Get paste kppp *'s Tim Jones (Aug 20)
- <Possible follow-ups>
- Re: Get paste kppp *'s Harri Porten (Aug 26)