On-screen keyboard shows password as suggestion
Affected version
- Fedora 37 beta
- GNOME 43.0
Bug summary
When typing my password to some password field in GDM or in the terminal, the on-screen keyboard remembers it and suggests it the next time. This is a great security issue as anyone with physical access could break into my system, if I used on-screen keyboard once for typing in my password.
Steps to reproduce
- Activate on-screen keyboard (in GDM or gnome-settings)
- Type in your password to login or with
sudo
- Type the first characters of your password
What happened
The on-screen keyboard logged the password and suggests it in plain text. Sometimes it is not even needed to type the first characters.
What did you expect to happen
Passwords shouldn’t been saved to suggestions.