I concur with Igor's last comment. I've recently started using an extension for Mozilla Firefox which integrates Firefox's password cache with the GNOME keyring and I was shocked to find that one could open seahorse and browse all of the passwords therein (within any unlocked keyring; I use the default login keyring) as plain text. It's one thing to unlock a key ring and allow a programme to access these passwords for the entire session (though it would be nice to see options to re-lock a keyring after x minutes and/or every time the screen locks), it's quite another to allow any interloper to access those passwords as plain text.
I hope that this gets fixed soon. This seems like a fairly old/established bug, and one would have hoped a security issue like this would have been fixed by now. I don't mean to be patronising, condescending or a back-seat driver mind. I was just startled that such an obvious security hole existed. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to seahorse in Ubuntu. https://bugs.launchpad.net/bugs/189774 Title: seahorse shows passwords without verification Status in Seahorse: New Status in “seahorse” package in Ubuntu: Triaged Bug description: Binary package hint: seahorse When I log in the first time, I get asked for my password to access the wireless network. Then any time later I can run seahorse (without authentication) and go and look at my wireless password (password tab / passphrase for wireless network / properties). It just asks me 'Do you want to allow access?' and if I say yes (ie 'Allow Once' or 'Allow Always'), it doesn't ask for authentication or anything, it just shows the password. Isn't this a security problem? If I reboot just X with CTRL-ALT-BS and log in again, when I run seahorse it asks me for authentication to run it, but after a full reboot it doesn't ask for any authentication. I have automatic login enabled (so on full reboot I don't need to login via the X login window) if that makes any difference. Version info: distro: hardy alpha 4 kernel: 2.6.24-5-generic seahorse: 2.21.4-0ubuntu2 gnu-pg: 1.4.6-2ubuntu5 python-gnupginterface: 0.3.2-9ubuntu1 To manage notifications about this bug go to: https://bugs.launchpad.net/seahorse/+bug/189774/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
