<<< Date Index >>>     <<< Thread Index >>>

[Mutt] #2987: Terminal bell when you hit backspace in an empty password field



#2987: Terminal bell when you hit backspace in an empty password field

 When you hit backspace in an empty password field (tested when logging in
 to an imap folder), it sounds the terminal bell. This is a handy feature
 for knowing when you've completely erased the wrong password, but it's
 also a security issue, albeit very minor. An attacker could theoretically
 learn the number of characters in a password by remembering how many times
 a person hits backspace before the terminal bell sounds, however unlikely
 this may be. Other programs, like ssh and mysql (with the -p flag) don't
 have this functionality.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2987>