VPN password not stored

Bug #799701 reported by Flo Ebnet
This bug affects 9 people
Affects Status Importance Assigned to Milestone
Fix Released
network-manager-openconnect (Ubuntu)
Fix Released

Bug Description

Binary package hint: network-manager-openconnect-gnome

The GNOME GUI to the OpenConnect plugin for Network Manager does not store the user's VPN password along with the user name. This is highly inconvenient. There should either be a way to securely store the password in the GNOME keyring or at least a way to (either through GUI or manually in the GNOME configuration editor) set a property like "form:main:password" to hold the password in plain text (along with a warning about the security implications).

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Marking Triaged/Medium. I haven't been able to double-check this because I'm on oneiric and n-m-openconnect needs an update there to work, but as soon as openconnect is sync'ed I'll be able to build n-m-openconnect 0.8.999 and test this (and fix it is it's not done already).

Changed in network-manager-openconnect (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
dwmw2 (dwmw2) wrote :

Patches to fix this would be very welcome. This is https://bugzilla.gnome.org/show_bug.cgi?id=638861

Storing the password should be *optional*. Probably configured in the VPN setup rather than having the option right there in the auth-dialog?

For bonus points, you could also make it store the HTTP login cookie in gnome-keyring. That would allow us to reconnect to the VPN using the *same* cookie (and hence resume with the same IP address etc.) if our physical network gets disconnected.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Adding the link to the upstream bug.

I think I may be able to set aside a bit of time to fix this after Precise, but it probably wouldn't be something we could release as an update anyway, so only available once the patch is written, tested, and accepted in some release.

Changed in network-manager-openconnect (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
milestone: none → later
Changed in network-manager-openconnect:
importance: Unknown → Wishlist
status: Unknown → In Progress
Changed in network-manager-openconnect (Ubuntu):
importance: Medium → Wishlist
assignee: Mathieu Trudel-Lapierre (mathieu-tl) → nobody
Changed in network-manager-openconnect:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-openconnect -

network-manager-openconnect ( quantal; urgency=low

  * New upstream release.
    - Use gnome-keyring for password fields. (LP: #799701)
  * debian/patches/04_fix-hitting-cancel-after-failure.patch,
    debian/patches/01_implement-proper-cancellation.patch: dropped, these
    patches are included in the release.
  * debian/patches/dont_fail_if_no_ip6_714dea4.patch: don't fail activation
    if there is no IPv6 address passed. Some people still don't have IPv6...
  * debian/control:
    - update Build-Depends to require NM >=
    - add libgnome-keyring-dev to Build-Depends.
  * debian/patches/auth_dialog_libexecdir.patch: specify libexecdir as
    /usr/lib/NetworkManager for the auth dialog to be able to spawn it properly
    in GNOME Shell. (LP: #985788)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 20 Jul 2012 16:44:24 -0400

Changed in network-manager-openconnect (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Matt Lavin (matt-lavin) wrote :

Any chance that this could get backported to 12.04?

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

If you need a fix for the bug in previous versions of Ubuntu, please do steps 1 and 2 of the SRU Procedure [1] to bring the need to a developer's attention.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.