vpnc always remembers session password
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| network-manager-vpnc (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: vpnc
Vpnc in Network manager always remember the session password, even though you did not tell it to remember a password. This is a problem because I need to use a one-time-password to use my vpn. If I mistype the authentication fields, or if I purposely, or accidentally get disconnected, vpnc never gives me a new password field to fill in. It just uses the old one-time-password, which fails. And 3 failures in a row, I am locked out of the system!
This is a critical issue. If the user does not fill in the password field in the vpn configuration, it should not be remembered, even for the sessin. At a minimum, this needs to be a uer-selectable option.
I am running 8.10 on a HP mini-note 2133. And it is the main distribution.
| Marc Deslauriers (mdeslaur) wrote | #1 |
| security vulnerability: | yes → no |
| jarome (jamesrome) wrote | #2 |
| affects: | vpnc (Ubuntu) → network-manager-vpnc (Ubuntu) |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.