249707 – Password field leaks character type boundaries

This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 249707 - Password field leaks character type boundaries

Summary: Password field leaks character type boundaries

Status:	NEW

Alias:	None

Product:	platform
Classification:	Unclassified
Component:	Dialogs&Wizards (show other bugs)
Version:	8.0.2
Hardware:	Macintosh Mac OS X

Importance:	P4 normal (vote)
Assignee:	Stanislav Aubrecht

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-09 00:26 UTC by tiz.io
Modified:	2015-01-09 09:51 UTC (History)
CC List:	0 users

See Also:
Issue Type:	DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tiz.io 2015-01-09 00:26:03 UTC

Product Version = NetBeans IDE 8.0.2 (Build 201411181905)
Operating System = Mac OS X version 10.10.1 running on x86_64
Java; VM; Vendor = 1.8.0_25
Runtime = Java HotSpot(TM) 64-Bit Server VM 25.25-b02

Double-click selecting the obscured characters in a password field stops highlighting at character type boundary, leaking information about the location of special characters in the password.

Repro:
1) Open any dialogue box that prompts for a password.
2) Type in the following password abcd#abcd
3) Double-click the first four dots of the obscured password.
4) Observe that only the first half of the password is selected.  Selection stops at the character-type boundary.

With this information, a password's strength is compromised by disclosing possible patterns that vastly reduce the problem space for a brute-force attack.