New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Announcement of the typed Password characters while sheet Protection in Excel #5221
Comments
Confirmed using Excel 2010 and NVDA 2017.3 on a Windows 8.1 system. Let me provide a brief summary of the STR employed, results experienced, and other related thoughts. STR
In a nutshell, the issue being reported and discussed in this ticket is that NVDA speaks the character being entered in said dialog's said edit control instead of reporting the encrypted shape which the character entered is visually converted to. Log SnippetWhen "a" is the character entered: ImpactThis issue affects all NVDA users also using Excel 2010 and Excel 2013, though this issue may extend to other older and newer versions of Microsoft Excel as well as other Microsoft Office programs. I would like to believe that this bug would be equally applicable to Braille and speech. Excel is a software commonly used in professional and corporate environments, and I would suppose that password protection is a frequently used feature of this program. Verbalization of the password could probably compromise a user's privacy and may be something that could be pretty undesirable in a workplace. |
While this is a security problem, I don't believe that this has ever been expected to work previously. Assigning the feature label, hopefully we will get a chance to address this. |
This is still reproducible in Excel 2016 and 365. I think this should be solved soon since especially in organizations we have lots of protected excel sheets. |
A user reported "If opening the files by double-clicking on the file, then enter the password NVDA will speak the password. However, open either Word or Excel then open the file NVDA only speaks “star, star etc.” In trying to reproduce it (I assume they are talking about a password to to open the file - alt+f, i, p then "Encrypt with a password". The original issue here gives the keystrokes to protect a sheet. Additionally you can protect a workbook with alt+r, p, w. (Protecting a sheet limits the ability to edit cells without the password, protecting the workbook limits adding or deleting worksheets. Confusingly the option on the File - Info pane to require a password on opening the file, and the option on the Review ribbon to stop you deleting worksheets are both called "Protect Workbook") All of these password options seem to behave the same for me - that is, as the original poster described - characters are read out when typed, but moving back or backspacing results in "circle" being read out. Another thing to note is that visually all three passwords only ever appear as circles. While it is a security concern, it can be mitigated by wearing headphones. (Offering that as a workaround, not a solution) I'm using NVDA 2020.1 with Office 365 Version: 16.0.12730.20236 |
This comment was marked as resolved.
This comment was marked as resolved.
I cannot reproduce this in Office 365. Both the protect and unprotect sheet password fields are announced as protected and echo star characters for me. No matter if I open the file from within Excel or from file Explorer. |
…d above (#14839) Found when investigating #5221 Fixes #6871 Fixes #11512 Though both of these issues had already been avoided in Outlook 2016+ by #14280 Summary of the issue: When arrowing through a password in the password field in the Protect Sheet dialog in Microsoft Excel (alt h o p), NVDA produces an error and says nothing. Similarly, when tabbing to that control and the cursor is already on a password character, NVDA produces an error and the focus is not announced at all. Description of user facing changes NVDA no longer fails to announce the focus when tabbing to the password field in Excel's Protect sheet dialog. Description of development approach 1. In the ITextDocument TextInfo's text property: catch COMError when calling range.text. This can occur when the edit control is protected. Just log a debugWarning and return the empty string - there is nothing else we can do about this error. This allows NVDA to announce the focus without an error. And when arrowing through the characters, 'blank' will be spoken rather than an error, which is better than nothing. 2. In the appModule for Excel: treat RICHEDIT60W windows as having a good UI automation implementation if on Windows 10 or higher and Office 2016 or higher. Office 2016 on Win 10+ has a very good UI automation implementation for RICHEDIT60W, which includes being able to fetch 'circle' characters when arrowing through a password. So in summary, on Office 2016 win10+ the error is gone and NvDA can announce 'circle' when arrowing through password characters in the Protect sheet dialog. On older versions of Office / Windows, the error is gone, though NVDA will announce 'blank' when arrowing through password characters.
Reported by dhankuta on 2015-07-14 07:51
In Excel 13 (no idea on previous versions!), While on sheet protection with a password, the typed characters are announced instead saying star, star etc.
check:
Open excel 13.
press Alt h o p
type the password, It will report the typed characters.
Him Prasad Gautam
Nepal.
The text was updated successfully, but these errors were encountered: