The attachment "0001-Require-login-password-to-view-plaintext-
secrets.patch" seems to be a patch. If it isn't, please remove the
"patch" flag from the attachment, remove the "patch" tag, and if you are
a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message
Have a patch here; how do you want it? All of the documentation I see
for distro patches uses Bazaar, and this definitely isn't making it
upstream. Attached output of `git format-patch`, let me know if you
want something else.
** Patch added:
Is this underway, or what? First reported *eight years ago*, last update
one year ago, and right now I can still open seahorse and see plaintext
of all my passwords.
How hard can it be to do exactly what Chrome or many other
implementations do, and just ask for a master password before allowing
Sorry, the "how hard can it be" phrasing is bit snarky. Just a bit
disappointed that after eight years no time has been made for this.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to seahorse in Ubuntu.
GNOME is probably not going to fix this - it's not just the GNOME Way.
I'd like to see Ubuntu address this, though. Today, if I walk up to any
Ubuntu user's unlocked computer I can see any of their passwords in just
a few keystrokes: Super + P + A + S + Enter starts Seahorse, then I can
double
I just placed a bounty on this bug at Bountysource:
https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-
without-verification
It will be paid to anyone who provides a patch that Ubuntu accepts.
--
You received this bug notification because you are a member of Ubuntu
Desktop
Yes Adam, it looks like something having a distro patch for seems
reasonable
** Changed in: seahorse (Ubuntu)
Assignee: Ubuntu Desktop Bugs (desktop-bugs) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to seahorse
I concur with Igor's last comment. I've recently started using an
extension for Mozilla Firefox which integrates Firefox's password cache
with the GNOME keyring and I was shocked to find that one could open
seahorse and browse all of the passwords therein (within any unlocked
keyring; I use the
Current seahorse security bug:
http://goo.gl/6oF7f
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug assignee.
https://bugs.launchpad.net/bugs/189774
Title:
seahorse shows passwords without verification
--
desktop-bugs mailing list
I don't agree with Comment #20:
* The problem exists sice 2 years
* The importance is more than medium: eg. in case of a vpn password, a single
signon corporate password is showed!
* So it is a HIGH RISK SECURITY ISSUE and the UBUNTU TEAM should ATTENT TO THAT
PROBLEM (patch itself or replace
Indeed. I want also to stress that this is a very serious security issue
(e.g. when working in environments with multiple working people, in the
train, etc). Before ending here, I just figured out that I could display
my login passwd in seahorse without any security barrier as well. It
basically
** Changed in: seahorse
Importance: Unknown = Medium
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug assignee.
--
desktop-bugs mailing list
Yes, please make seahorse ask again for the keyring-passwort befor
showing all passworts, really ALL PASSWORTS, in plaintext !
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop
PLEASE... the next person who wants to add a comment of consolidarity
here. DON'T.
This log has been TRIAGED. This means that the bug has been posted to the
website responsible for developing this software.
If you agree that this is important... then take the time to post it on their
website.
I've noticed this problem also with Ubuntu 10.04
I don't know the motivations about the choose, but I think it is dangerous
because a lot of password are used for many services. Think people that have
got hotmail account, with the same password you could open your msn account and
your email
I think so too! It's very unsafe! It is not better than the sticker with
passwords on your monitor!
Sorry for my English =(
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs,
RULE NÂș1 IN SECURITY:
Never, never, never store or display passwords in plaintext.
Seriously devs, are you joking? Give someone the possibility of read all
my passwords in plaintext while I'm in the toilet is a feature? Oh my
god...
--
seahorse shows passwords without verification
from a theoretical, scientific, cryptographical point of view it might
be (and probably is) no problem to display the passwords without
restriction once the keyring has been unlocked as anyone really
interested can retrieve them anyways. not having to retype the
password[1] dramatically lowers the
I'm in agreement with comments #6 and #12. This is a VERY serious
security issue. The quick allow dialog protects the passwords stored in
the wallet from network intruders or malware, but if someone happens to
have access to your computer when you forget to lock the screen, they
can easily see all
Apparently it is a design decision and therefore not a bug.
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug assignee.
--
desktop-bugs mailing list
My view is that this as a very serious design flaw. The bottom line is
that passwords should never be displayed in plain text by any
application, for any reason.
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you
Empathy stores your authentication information into your private keyring
that is only accessible by you with the password you use to unlock it.
There is no public keyring. Pidgin stores your account passwords in
clear text in a file with appropriate user permissions.
--
seahorse shows passwords
@Corey: that sounds great to me. Perhaps you should add your comments to
the gnome-bug (https://bugzilla.gnome.org/show_bug.cgi?id=551036)? It's
a Gnome issue and I think the Ubuntu devs are waiting for it to be
solved upstream.
--
seahorse shows passwords without verification
For anyone who's interested, have a look at this thread:
http://ubuntuforums.org/showthread.php?t=1302342
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug
This is my idea to solve the problem quoted from the forums;
he way I see it Ubuntu is almost there, seahorse does ask permission
just no confirmation. And we do have the tools like gconf. And
policykit, witch can handle non-root permissions and IMO is way under
used.
Here's my idea, create a
I see this as a VERY serious security flaw!
Given that Empathy Instant Messenger is going to be the default
messenger in the next Ubuntu Release, I thought I'd check it out. While
setting up my gmail and msn accounts I noticed that it was saving the
passwords in the public keyring. It was also
Okay, didn't know what triaged meant.
I've posted my comments on the bugzilla bug for GnomeKeyring.
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug
Thank you for taking the time to report this bug and helping to make
Ubuntu better. The issue has been reported Upstream. You can track the
status and make comments here:
http://bugzilla.gnome.org/show_bug.cgi?id=551036
** Bug watch added: GNOME Bug Tracker #551036
** Changed in: seahorse
Status: Unknown = New
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is a bug assignee.
--
desktop-bugs mailing list
Perhaps the dialog granting a program the right to read a password
should require you to confirm with the master password, even if the
keychain is unlocked. As of now, all you have to do is click a button -
seems like the barrier is too low.
--
seahorse shows passwords without verification
it's a wishlist bug and confirmed in comment #3
** Changed in: seahorse (Ubuntu)
Importance: Undecided = Wishlist
Status: Invalid = Confirmed
--
seahorse shows passwords without verification
https://bugs.launchpad.net/bugs/189774
You received this bug notification because you are a
Thank you for taking the time to report this bug and helping to make
Ubuntu better. It appears as this isn't a bug though... If you are
prompted to enter a password (or allowed to choose to always allow
access to the keyring) then you will be able to access the wireless
password without anymore
32 matches
Mail list logo
