Ubuntu
network-manager-applet package

network manager shows passwords without verification

Bug #742228 reported by Elias K Gardner on 2011-03-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	network-manager-applet (Ubuntu)	Confirmed	Low	Unassigned

Bug Description

To Reproduce:
1) click network-manager-gnome icon and select "Edit Connections..."
2) Select a connection with a password and click "Edit"
3) Under the "Wireless Security" tab check "Show Password" to see the connection's password in plain text.

Network Manager should prompt for the user login password before showing the network connection's password.

Note this same behavior is in Passwords and Encryption Keys (seahorse) see Bug #189774

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: network-manager-gnome 0.8.4~git.20110318t152954.9c4c9a0-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-7.38-generic 2.6.38
Uname: Linux 2.6.38-7-generic x86_64
Architecture: amd64
CRDA: Error: [Errno 2] No such file or directory
Date: Thu Mar 24 23:41:56 2011
EcryptfsInUse: Yes
IfupdownConfig:
auto lo
iface lo inet loopback
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110302)
IpRoute:
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.16 metric 2
169.254.0.0/16 dev wlan0 scope link metric 1000
default via 192.168.1.1 dev wlan0 proto static
NetworkManager.state:
[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true
ProcEnviron:
LANGUAGE=en_US:en
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: network-manager-applet
UpgradeStatus: Upgraded to natty on 2011-03-22 (2 days ago)

Tags:

Revision history for this message

Elias K Gardner (zorkerz) wrote on 2011-03-25:

Dependencies.txt Edit (5.4 KiB, text/plain; charset="utf-8")
IpAddr.txt Edit (680 bytes, text/plain; charset="utf-8")
IwConfig.txt Edit (537 bytes, text/plain; charset="utf-8")
NetDevice.eth0.txt Edit (380 bytes, text/plain; charset="utf-8")
NetDevice.lo.txt Edit (177 bytes, text/plain; charset="utf-8")
NetDevice.wlan0.txt Edit (446 bytes, text/plain; charset="utf-8")
PciNetwork.txt Edit (1.3 KiB, text/plain; charset="utf-8")
RfKill.txt Edit (128 bytes, text/plain; charset="utf-8")
WifiSyslog.txt Edit (244.2 KiB, text/plain; charset="utf-8")

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2011-03-25:

This has been brought up on the NM mailing list:

http://mail.gnome.org/archives/networkmanager-list/2011-March/msg00208.html

As I expressed in my response, I don't think this is the answer as there is no way to know the user connected to the session isn't the one who created the connection (and thus would know the password anyway). Connections set "Available to all users" would be owned by root and already request the user password before opening for edition.

Since there's no decision made yet by the upstream developers, I'll mark this bug Confirmed, Low priority (because there are workarounds).

Changed in network-manager-applet (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Low

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntunetwork-manager-applet package