rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted.
To quote @squell:
@conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.:
Suppose we use pkill -9 sq in a different terminal right after the password has been typed in:
$ sq key generate --userid "barf" --with-password
Enter password to protect the key: Killed
$ hello^C
Where the password I typed in is "hello".
This has been fixed in version v7.5.0 and above.
Patched version: 7.5.0
CVSS score: 3.8
CVSS vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N