Bug 8443 - Client sometimes steals macOS screensaver keyboard
Summary: Client sometimes steals macOS screensaver keyboard
Status: CLOSED INVALID
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.19.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-11-08 12:54 CET by anders.fridberger
Modified: 2025-01-07 15:27 CET (History)
2 users (show)

See Also:
Acceptance Criteria:


Attachments

Description anders.fridberger 2024-11-08 12:54:17 CET
This problem occurs on Mac OS X with full-screen sessions. The problem leads to client passwords becoming visible in cleartext inside Thinlinc. Steps to reproduce:

1. Open a full-screen session on Max OS X. In my case the full-screen sessions runs on a second monitor.

2. Open a text editor window in Thinlinc.

3. Do nothing until the Mac screen saver kicks in

4. When user comes back and tries to enter password into Mac OS to gain access to the client system, the password does not work, so the session does not unlock.

5. Upon logging in to the client by using fingerprints instead, I find that the  client password is displayed in cleartext inside the text editor window opened in step 2.
Comment 1 Frida Flodin cendio 2024-12-03 10:22:12 CET
I tested this on Mac M1 (macOS 15.1.1), with ThinLinc client and server 4.17.0, and did not manage to reproduce the issue. I think we need some more info to set the priority of this bug. Maybe it's only on laptops? Or older OS.
Comment 2 anders.fridberger 2024-12-06 11:23:13 CET
Hello
I'm using a MacBook Pro with the M1 chip and Mac OS 14.7.1. The server is Red Hat Enterprise 9.5, and thinlinc server version is 4.17.0.

On my system the problem occurs consistently. My setup is as follows:

An external monitor is connected through USB-C to the laptop. The external monitor is set as the main display (meaning that the built-in monitor of the laptop appears as an "extended display" in the Display tab of the Systems Settings). My screen saver kicks in after 10 minutes of inactivity, and the main display turns off after 15 minutes.

I run ThinLinc in a full-screen session on the external monitor (this only happens when using full-screen sessions). I typically have a text editor visible and in focus in the thinlinc session.

Now, if I leave my computer for more than 15 minutes (making the main display turn off), when I return to the system I wake the display by moving the mouse. If I then type the Mac OS password to unlock the system, the system refuses to unlock. I can only bring it back to life by using the fingerprint sensor.

After finding that the system cannot be unlocked by entering the password, I use the fingerprint sensor instead. This works, but now the password that I entered while trying to unlock the system appears in the text editor in the thinlinc session, in clear text and fully readable.

I hope these additional details will allow you to reproduce the problem
Comment 3 Frida Flodin cendio 2024-12-12 10:48:49 CET
Thank you for coming back with the details. It's weird, I'm still not able to reproduce this, but there are two main things that differ with the setup I have available:
1. I don't have a laptop
2. I have a newer macOS (15.1.1)

Unfortunately, I don't have the possibly to test this on a laptop right now. It does smell like something that could be an OS bug, have you considered updating to macOS 15? It would be interesting to see if the bug persists.
Comment 4 anders.fridberger 2025-01-07 14:05:14 CET
I just upgraded my laptop to the latest release of Mac OS. And the problem is now history. So it is an OS bug.
Comment 5 Samuel Mannehed cendio 2025-01-07 15:12:32 CET
Good to hear it. Thank you for testing.

Note You need to log in before you can comment on or make changes to this bug.