I found that after doing a fresh install of 13.10 server, the wpa passphrase for the network used during install was stored in plain text in /etc/network/interfaces and by default the file has 644 permissions.
As stated by the original creator, this is a potential security risk. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-system-tools in Ubuntu. https://bugs.launchpad.net/bugs/14392 Title: [network-admin] WEP key stored in world-readable /etc/network/interfaces Status in “gnome-system-tools” package in Ubuntu: Fix Released Status in “wireless-tools” package in Ubuntu: Invalid Status in “gnome-system-tools” package in Debian: Incomplete Bug description: the WEP key is stored in cleartext in /etc/network/interfaces and the file has mode 644. I'd consider this a security breach. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/14392/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
