Package: sudo
Version: 1.9.16p2-3
Severity: important

Dear Maintainer,

First, I'm not 100% sure whether this bug should be filed for fprintd or sudo,
but sudo seems like the safest bet.

To reproduce: install fprintd/libpam-fprintd, enroll a fingerprint, run a
command with sudo.

If using sudo with fingerprint authentication, with the fprintd/libpam-fprintd,
whenever a user calls a command, for example:
$ sudo ls

The output becomes:
"""
Place your finger on the fingerprint reader
"""

And at that point, anything typed by the user becomes visible in the terminal.

This is in contrast with the alternative of not using fprintd:
"""
[sudo] password for samueloph:
"""
Where things typed in the terminal are not shown to the user.

It's understandable to expect users to not type their password when the prompt
says "Place your finger on the fingerprint reader", but it's also certain that
this does and will happen due to muscle memory (runs sudo and instantly starts
typing password).

The problem here is that this will result in accidents where the user leaks
their password by accident, being especially serious if there's someone else
looking at the screen. This is such a serious risk that it undermines the
benefits of using fingerprint authentication altogether, thus I'm classifying
this as important.

I would like sudo to hide all keypresses when "Place your finger on the
fingerprint reader" is shown.

Cheers,

-- 
Samuel Henrique <samueloph>