here exists a bug in kppp 1.6.14 where a local user dialing up into the internet can copy the stars in the password box and put them into an xterm where the stars will be unrevealed and that password will be shown. seeya rarez