Terminal reveals admin password for up to 25 characters

App & System Services Core OS
Plattenbote
Plattenbote OP
Created Jan ’21
Replies 3
Boosts 0
Views 457
Participants 3
For this case I've also been on the phone with support for a while, friendly support asked me to additionally ask the developer community about this:

  1. Open Terminal.

  2. Execute sudo du -hd 1

  3. type wrong password, hit enter, immediately type again wrong password.

  4. There should be a number of characters now between the prompt "Password" and "Sorry, try again" - which are potentially parts or even your whole password characters.

I've tried this on 11.1 BigSur, Support tried it as well on his system with similar results. We were not able to find out why, but definitely reproducible. Worked also with other sudo commands.

As a user I expect at no point to have any password characters revealed. Did anyone else notice this?

An exerpt of my Terminal:

$ sudo du -hd 1
Password:
asdasdasdasdasdsadadasdsaSorry, try again.
Password:
asdasdsadadsadsadasdsadSorry, try again.
Password:
adasdsadassudo: 3 incorrect password attempts



Replies  3
Boosts  0
Views  457
Participants  3
Claude31
Claude31 OP
Jan ’21
I tried in Catalina, did not get the error.

Did you see this ?
https ://www.reddit. com/r/mac/comments/fk2kj2/macintoshhddatashowsasfullalthough_it/
May be it is a related problem ?

Did you file a bugbreport ?
0
Plattenbote
Plattenbote OP
Jan ’21
No, that has nothing to do with the issue.

Apple support says: This is an issue that is based in the core of the programming. The engineer tested the problem on Unix, and the behaviour was the same. Seems like the password prompt is just too slow. I'll try to open a new topic in the opengroup.org forum. This problem unfortunately is nothing that is in apples control directly. Still I see a huge risk in this behaviour.

So in theory this problem should occur on all macs, as macOS is unix based.
0
Etresoft
Etresoft OP
Jan ’21
There is something wrong with your computer. It is possible to get some characters to echo before the password prompt appears. But it is really humanly impossible to actually type your password in that length of time. It should only take a fraction of a second. If yours is slow enough to type "asdasdasdasdasdsadadasdsa" then something is seriously wrong. I did manage to get "sdfa" to show up, but that is only by quickly slamming my hand on the keyboard. There is no way I could type anything and have it show up.
0
Terminal reveals admin password for up to 25 characters
First post date Last post date
 
 
Q