This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Product Version = NetBeans IDE 8.0.2 (Build 201411181905) Operating System = Mac OS X version 10.10.1 running on x86_64 Java; VM; Vendor = 1.8.0_25 Runtime = Java HotSpot(TM) 64-Bit Server VM 25.25-b02 Double-click selecting the obscured characters in a password field stops highlighting at character type boundary, leaking information about the location of special characters in the password. Repro: 1) Open any dialogue box that prompts for a password. 2) Type in the following password abcd#abcd 3) Double-click the first four dots of the obscured password. 4) Observe that only the first half of the password is selected. Selection stops at the character-type boundary. With this information, a password's strength is compromised by disclosing possible patterns that vastly reduce the problem space for a brute-force attack.