[Mutt] #2987: Terminal bell when you hit backspace in an empty password field
#2987: Terminal bell when you hit backspace in an empty password field
When you hit backspace in an empty password field (tested when logging in
to an imap folder), it sounds the terminal bell. This is a handy feature
for knowing when you've completely erased the wrong password, but it's
also a security issue, albeit very minor. An attacker could theoretically
learn the number of characters in a password by remembering how many times
a person hits backspace before the terminal bell sounds, however unlikely
this may be. Other programs, like ssh and mysql (with the -p flag) don't
have this functionality.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/2987>