INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Security flaw in DLNA password  (Read 713 times)

ajp_anton

  • Junior Woodchuck
  • **
  • Posts: 57
Security flaw in DLNA password
« on: September 01, 2018, 02:51:56 pm »

I just noticed that when typing a password for the DLNA authentication (don't know if there are other places in MC that use passwords), the password field uses * as placeholders, BUT if you double-click on them, it selectively selects characters based on what they are.

Example:
Password is abc123def456
In the field, it's shown as ******
If you double-click near the beginning, only the first three stars get selected instead of the whole thing, indicating that those first three characters are of the same type (in this case letters) and the fourth digit is something else. So depending on where you double-click, you can find out the grouping of different types of characters.

Not a huge flaw, but still something.
Logged

Matt

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 42373
  • Shoes gone again!
Re: Security flaw in DLNA password
« Reply #1 on: September 01, 2018, 04:20:43 pm »

I'll take care of this shortly.  Thanks!
Logged
Matt Ashland, JRiver Media Center

Matt

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 42373
  • Shoes gone again!
Re: Security flaw in DLNA password
« Reply #2 on: September 04, 2018, 08:17:38 am »

Next build:
Fixed: Double-click on a password edit box would select only the number of characters of the same type (number or letter) instead of all the characters.
Logged
Matt Ashland, JRiver Media Center
Pages: [1]   Go Up