*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
btw, there is no way to report a bug against "nm-applet", despite it
being in the [search] list for Package in bugs.lanunchpad (is this a bug
in lanuchpad?) plase move his bug report if needed.
When using nm-applet and G3 modem - I am asked for a PIN.
The PIN entry box shows the PIN on screen.
So, if I'm using G3 modem outside of my home (which is like, the point
of it) then anyone can easly look over my shoulder to steal it (and
grabbing g3 modem card is not that hard, then just enter my PIN and use
my card...)
Combined with gnome-keyring (bug#296736 and/or bug#125075) I have to
enter PIN each time so this is really bad.
Please make it show starred-out password.
by the way:
------------------------
Also PLEASE make the dialog auto-check was the same PIN just entered - to
avoid asking g3 modem hardware for the same bad ping that would easily lead to
SIM card lock-out.
Example, pin is 1234
BAD:
- guy enters "1235" (typo) but sees ****
- guy enters "4321" (he thinks it was the other way around)
- guy enters "4321" again - he wonders if he did a typo in "4321"
SIM card locks self.
GOOD solution:
- guy enters "1235" (typo) but sees ****
- guy enters "4321" (he thinks it was the other way around)
- guy enters "4321" and PIN entry menu warns "You already tried this PIN during
this session (in last minutes) and it did not work. Your probably want to try
another PIN" [enter another pin] [re-send again the wrong pin (can lock
card!)]
so guy chooses to try another pin, tries "1234" (no typo this time) and it
works
** Affects: network-manager (Ubuntu)
Importance: Undecided
Status: New
--
nm-applet G3 modem pin entry is visible
https://bugs.launchpad.net/bugs/296741
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
