#1110971 sudo: Shows keypresses when using fingerprint authentication with fprintd (exposes password)

Package:
sudo
Source:
sudo
Description:
Provide limited super user privileges to specific users
Submitter:
Samuel Henrique
Date:
2026-01-29 07:38:05 UTC
Severity:
normal
Tags:
#1110971#5
Date:
2025-08-13 06:54:03 UTC
From:
To:
Dear Maintainer,

First, I'm not 100% sure whether this bug should be filed for fprintd or sudo,
but sudo seems like the safest bet.

To reproduce: install fprintd/libpam-fprintd, enroll a fingerprint, run a
command with sudo.

If using sudo with fingerprint authentication, with the fprintd/libpam-fprintd,
whenever a user calls a command, for example:
$ sudo ls

The output becomes:
"""
Place your finger on the fingerprint reader
"""

And at that point, anything typed by the user becomes visible in the terminal.

This is in contrast with the alternative of not using fprintd:
"""
[sudo] password for samueloph:
"""
Where things typed in the terminal are not shown to the user.

It's understandable to expect users to not type their password when the prompt
says "Place your finger on the fingerprint reader", but it's also certain that
this does and will happen due to muscle memory (runs sudo and instantly starts
typing password).

The problem here is that this will result in accidents where the user leaks
their password by accident, being especially serious if there's someone else
looking at the screen. This is such a serious risk that it undermines the
benefits of using fingerprint authentication altogether, thus I'm classifying
this as important.

I would like sudo to hide all keypresses when "Place your finger on the
fingerprint reader" is shown.

Cheers,

#1110971#10
Date:
2025-08-13 09:49:10 UTC
From:
To:
Control: -1 severity normal
thanks

I don't think so.

I am not going to do that.

I do not see what sudo can do here, and I certainly will not patch
Debian's sudo in that regard. Would you be willing to file an Upstream
bug?

Greetings
Marc

#1110971#15
Date:
2025-08-13 17:56:30 UTC
From:
To:
Hello Marc,

Certainly, you mentioned "I don't think so" about this bug being against sudo
instead of fprintd, can you clarify why you think that's the case?

Trying to understand which upstream I should chase for this and you understand
sudo's behavior better than me.

Cheers,

#1110971#20
Date:
2025-08-14 10:00:10 UTC
From:
To:
Hi,

As far as I understand things, it is common that an application asking
for a password turns off local echo in the terminal by means of a
control character. On a slow system, even without fprintd, when you start
typing the sudo password too quickly after issuing the sudo command,
you see the first chars of the password.

I THINK that in this case, fprintd might turn on local echo again or
reset the terminal while sudo is waiting for its password.

I think that it would be a good idea to take the issue to the upstream
sudo mailing list. Upstream is reading the list and they frequently come
up with valuable advice about things.

Greetings
Marc
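
The echo behaviour discussed in this thread is controlled by the ECHO flag in the terminal's termios settings. The following added example (not code from sudo, fprintd or anyone in this thread) clears that flag while a prompt is displayed, discards what was typed in the meantime, and restores the old state; all function names are hypothetical, and the Linux-specific pseudo-terminal setup is there so the demo does not touch your own terminal.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* All names here are hypothetical; this is not sudo's or fprintd's code.
 * echo_enabled: 1 if the terminal on fd echoes keypresses, 0 if not, -1 on error. */
int echo_enabled(int fd) {
    struct termios t;
    if (tcgetattr(fd, &t) != 0) return -1;
    return (t.c_lflag & ECHO) ? 1 : 0;
}

/* Save the current settings in *saved, then clear ECHO (and ECHONL, so a
 * typed Enter is not echoed either). TCSAFLUSH also drops type-ahead. */
int echo_guard_begin(int fd, struct termios *saved) {
    struct termios t;
    if (tcgetattr(fd, saved) != 0) return -1;
    t = *saved;
    t.c_lflag &= ~(tcflag_t)(ECHO | ECHONL);
    return tcsetattr(fd, TCSAFLUSH, &t);
}

/* Discard whatever was typed while the prompt was up, so a password typed
 * from muscle memory is not handed to the shell, then restore the settings. */
int echo_guard_end(int fd, const struct termios *saved) {
    tcflush(fd, TCIFLUSH);
    return tcsetattr(fd, TCSAFLUSH, saved);
}

/* Linux-specific: open a fresh pseudo-terminal and return its slave side
 * (-1 if unavailable). The master fd is left open on purpose. */
int open_test_tty(void) {
    char path[32];
    unsigned int n = 0;
    int unlock = 0, m = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (m < 0 || ioctl(m, TIOCSPTLCK, &unlock) != 0 || ioctl(m, TIOCGPTN, &n) != 0)
        return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", n);
    return open(path, O_RDWR | O_NOCTTY);
}

int main(void) {
    struct termios saved;
    int fd = open_test_tty();
    if (fd < 0 || echo_guard_begin(fd, &saved) != 0) return 1;
    printf("echo while prompt is shown: %d\n", echo_enabled(fd));
    return echo_guard_end(fd, &saved) != 0;
}
```

A real program would also restore the saved settings from its signal handlers, otherwise an interrupted prompt leaves the terminal with echo off.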

#1110971#25
Date:
2025-08-14 16:46:49 UTC
From:
To:
Hi!
this behaviour without such a fingerprint reader?


Best regards,
  Alexander

#1110971#30
Date:
2026-01-29 06:59:30 UTC
From:
To:
Control: tags -1 help
thanks

I am tagging this bug help since I do have zero experience with
biometrics on Linux. Everybody, feel free to chime in here.

Greetings
Marc
