[Desktop-packages] [Bug 1819406] [NEW] Found broken a feature for fingerprint image obfuscation

Public bug reported: Dear all, In this package, a random seed is used for generation key for obfuscating a fingerprint image in uru4000 driver. Unfortunately, it seems that the seed always exhibits the same sequence of numbers each time since it is generated from rand() in libc by default. Then

[Desktop-packages] [Bug 1818938] [NEW] Found storing user fingerprints as raw image files

Public bug reported: Dear all, Currently, libfprint saves a fingerprint image (FP1 or 2?) to a file on the host without any encryption. Once fingerprint has been leaked, victims are leaked for the rest of life since it lasts for a life. It is necessary to prepare for the problem. Especially, w

[Desktop-packages] [Bug 1818936] [NEW] Found hard-coded secret-key for challenge-response on libfprint

Public bug reported: Dear all, We need to fix hard-coded symmetric-key for challenge-response authentication on `uru4000 driver`. The driver uses a symmetric-key technique to encrypt the challenge data using AES encryption algorithm for authentication. "2nd generation MS devices added an AES-ba

[Desktop-packages] [Bug 1780365] Re: Credentials located in gnome-keyring can be compromised easily

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1780365 Title: Credentials located in gnome-keyring can be co

[Desktop-packages] [Bug 1772919] Re: pam-gnome-keyring.so reveals user’s password credential as a plaintext form

Please check the attached patch applied on gnome-keyring 3.28. (see https://bug781486.bugzilla-attachments.gnome.org/attachment.cgi?id=350049) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad

[Desktop-packages] [Bug 1780365] Re: Credentials located in gnome-keyring can be compromised easily

** Description changed: Dear all, I figure out that login credentials, located in gnome-keyring, can be easily compromised. Linux based on Gnome basically uses ‘gnome-keyring’ as their backend to store login credentials in a secure manner. Specifically, google-chrome browser, net

[Desktop-packages] [Bug 1780365] [NEW] Credentials located in gnome-keyring can be compromised easily

Public bug reported: Dear all, I figure out that login credentials, located in gnome-keyring, can be easily compromised. Linux based on Gnome basically uses ‘gnome-keyring’ as their backend to store login credentials in a secure manner. Specifically, google-chrome browser, network-manager and gn