Comment 45 for bug 1247189

carez (carez) wrote :

I have discovered a side effect to this bug that implies a security vulnerability.

You are in graphical tty7 and select the "switch user" option.
The xserver gets stuck trying to open a new graphical tty. You have a black screen on tty8. You cannot go back to tty7.

Still, you can open a non-graphical tty (tty1-tty6).
You have to log in on the new tty, so you write username and password.

But all keyboard activity is still being captured on original tty7!!
You are exposing your login and password credentials (at least) to the foreground application on tty7.