gdm minor security issue...



On the gdm login screen if you enter an invalid username (aka the user
doesn't exist on the machine) you can't tab to the password field.  Thus a
user could, in theory, probe for valid usernames on a machine.

This is minor, but something that most systems try not to allow.  

I imagine the best fix would involve always allowing tabing to the
password field if the browser is turned off.

I'll now commence an attempt to fix this... he he he I've never mucked
with gnome code before :)

B

-----------------------------------------------------------------------
                                  Britt Bolen  -  bolen@hcs.harvard.edu 
                                                hcs.harvard.edu/~bolen/
                                                                  blah!



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]