Copilot CLI prompts for WSL sudo password without obscuring input (password echoed) #2542

@tarikbrown-msft

Summary

When GitHub Copilot CLI prompts for a WSL sudo password (to forward it into the WSL prompt), the typed password characters are not obscured and appear on screen in plain text. This is a security risk and can lead to password disclosure (e.g., during screen sharing, recordings, or over-the-shoulder viewing).

Steps to Reproduce

  1. Run Copilot CLI in a scenario where it needs elevated privileges inside WSL (sudo).
  2. When prompted with something like:
    Please enter your WSL sudo password (I'll send it to the prompt):
  3. Type the sudo password.

Expected Behavior

Password input should be obscured (no echo), similar to standard terminal password prompts:

  • No visible characters while typing, or
  • Use a secure prompt mechanism that disables echo.

Actual Behavior

Password characters are visible while typing (echoed to the terminal).

Impact / Security Considerations

  • Risk of password exposure during screen shares, demos, live streams, recordings, or in shared work environments.
  • Potential leakage into terminal logs depending on the host shell/terminal configuration.

Environment

OS: Windows (using WSL)
WSL distro: Ubuntu (WSL 2)
Copilot CLI version: 1.0.19
Terminal: Windows Terminal
Shell: PowerShell Core 7.6.0

Suggested Fix / Notes

  • Use a proper no-echo password input method on Windows terminals (e.g., a secure prompt / TTY no-echo).
  • Ensure the password is not printed, logged, or stored, and is only forwarded to the target sudo prompt.
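
The no-echo input suggested in the issue above, as an added example that is not part of the original report or of Copilot CLI's code: it puts the terminal in raw mode so keystrokes are collected without being echoed, and covers only reading the password, not forwarding it to sudo. It assumes a Node.js command-line tool; the names `feedKeys` and `promptSecret` are hypothetical.

```javascript
// Added example (hypothetical names): no-echo password prompt for a Node.js CLI.
const CTRL_C = '\u0003', DEL = '\u007f', BS = '\b', ESC = '\u001b';

// Pure key handler: folds one chunk of raw-mode input into the prompt state.
// It returns nothing to display, so typed characters never reach the screen.
function feedKeys(state, chunk) {
  if (chunk.startsWith(ESC)) return state; // arrow keys and other escape sequences
  const chars = [...state.chars];
  for (const ch of chunk) {
    if (ch === '\r' || ch === '\n') return { chars, done: true, aborted: false };
    if (ch === CTRL_C) return { chars: [], done: true, aborted: true };
    if (ch === DEL || ch === BS) chars.pop(); // Backspace edits silently
    else if (ch >= ' ') chars.push(ch); // drop remaining control characters
  }
  return { chars, done: false, aborted: false };
}

// Reads one secret line with echo disabled; resolves to the secret string.
function promptSecret(prompt, input = process.stdin, output = process.stdout) {
  return new Promise((resolve, reject) => {
    if (!input.isTTY) { // design choice: no raw mode available, so do not prompt
      reject(new Error('password prompt requires a TTY'));
      return;
    }
    let state = { chars: [], done: false, aborted: false };
    const onData = (chunk) => {
      state = feedKeys(state, String(chunk));
      if (!state.done) return;
      input.off('data', onData);
      input.setRawMode(false); // restore normal echo and line editing
      input.pause();
      output.write('\n');
      if (state.aborted) reject(new Error('cancelled'));
      else resolve(state.chars.join(''));
    };
    output.write(prompt);
    input.setRawMode(true); // raw mode: the terminal stops echoing keystrokes
    input.setEncoding('utf8');
    input.resume();
    input.on('data', onData);
  });
}
```

Call `await promptSecret('Password: ')` from an async function, and hand the result only to the process that needs it rather than to logs or command history.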

Labels

  • area:permissions (Tool approval, security boundaries, sandbox mode, and directory restrictions)
  • area:platform-windows (Windows-specific: PowerShell, cmd, Git Bash, WSL, Windows Terminal)
