*** This bug is a security vulnerability ***
Public security bug reported:
gnome-boxes saves "setup-data.conf" and all it's containing info - such
as usernames, passwords, and private license codes - as plaintext.
This can be considered a security risk and can allow leakage of such
content much easier to get into the wrong hands.
File location: '/home/<username>/.config/gnome-boxes'
ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: gnome-boxes (not installed)
ProcVersionSignature: Ubuntu 4.18.0-10.11-lowlatency 4.18.12
Uname: Linux 4.18.0-10-lowlatency x86_64
ApportVersion: 2.20.10-0ubuntu13
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Nov 8 08:34:50 2018
InstallationDate: Installed on 2018-08-17 (83 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-boxes
UpgradeStatus: Upgraded to cosmic on 2018-10-19 (19 days ago)
** Affects: gnome-boxes (Ubuntu)
Importance: Undecided
Status: Confirmed
** Tags: amd64 apport-bug cosmic gnome gnome-boxes plaintext qemu txt
virtualmachine vm
** Changed in: gnome-boxes (Ubuntu)
Status: New => Confirmed
** Description changed:
gnome-boxes saves "setup-data.conf" and all it's containing info - such
as usernames, passwords, and private license codes - as plaintext.
This can be considered a security risk and can allow leakage of such
content much easier to get into the wrong hands.
+
+ File location: '/home/<username>/.config/gnome-boxes'
+
ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: gnome-boxes (not installed)
ProcVersionSignature: Ubuntu 4.18.0-10.11-lowlatency 4.18.12
Uname: Linux 4.18.0-10-lowlatency x86_64
ApportVersion: 2.20.10-0ubuntu13
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Nov 8 08:34:50 2018
InstallationDate: Installed on 2018-08-17 (83 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
- PATH=(custom, no user)
- XDG_RUNTIME_DIR=<set>
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
SourcePackage: gnome-boxes
UpgradeStatus: Upgraded to cosmic on 2018-10-19 (19 days ago)
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802305
Title:
"setup-data.conf" is saved as plaintext
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-boxes/+bug/1802305/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
