Topic: Security flaw in DLNA password (Read 872 times)

ajp_anton · « **on:** September 01, 2018, 02:51:56 pm »

I just noticed that when typing a password for the DLNA authentication (don't know if there are other places in MC that use passwords), the password field uses * as placeholders, BUT if you double-click on them, it selectively selects characters based on what they are.

Example:
Password is abc123def456
In the field, it's shown as ******
If you double-click near the beginning, only the first three stars get selected instead of the whole thing, indicating that those first three characters are of the same type (in this case letters) and the fourth digit is something else. So depending on where you double-click, you can find out the grouping of different types of characters.

Not a huge flaw, but still something.

Matt · « **Reply #1 on:** September 01, 2018, 04:20:43 pm »

I'll take care of this shortly. Thanks!

Matt · « **Reply #2 on:** September 04, 2018, 08:17:38 am »

Next build:
Fixed: Double-click on a password edit box would select only the number of characters of the same type (number or letter) instead of all the characters.

INTERACT FORUM

Author Topic: Security flaw in DLNA password (Read 872 times)

ajp_anton

Security flaw in DLNA password

Matt

Re: Security flaw in DLNA password

Matt

Re: Security flaw in DLNA password