Page 2 of 42 FirstFirst 123412 ... LastLast
Results 11 to 20 of 413

Thread: Keyring passwords visible after login without second password prompt

  1. #11
    Join Date
    May 2007
    Beans
    33
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Blatant security flaw much?

    Quote Originally Posted by humphreybc View Post
    Why is it that when I go to Applications > Accessories > Passwords and Encryption Keys I can click on Passwords, then expand 'login' and then I can see my passwords for my MSN account and wireless networks I connect to without once being prompted for my user password?

    But then when I change CPU Frequency scaling, I'm prompted to enter my admin password?

    O.o

    *The only prompt is asking if it's allowed access to the keyring, to which anyone can click allow.
    Although it does feel disconcerting at first, I got used to putting the system on guest or locking it before leaving the computer and/or handing it to someone. I suppose it is your machine so for me on laptops I do the above and on desktops I manage separate users.

  2. #12
    Join Date
    Mar 2009
    Location
    New Zealand
    Beans
    687
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Blatant security flaw much?

    Quote Originally Posted by prshah View Post
    This is big; you should file a bug report, I guess. No matter what the justifications offered, your keyring passwords should not be opened with prompting for a password. (I don't even get the prompt to allow the keyring to be opened).
    Could someone else post a bug report for me please? Feel free to use my attached image as a demo. I would do it, but I'm a bit tied up with a non-booting system.
    Writer for OMG! Ubuntu!, Editor-in-Chief Ubuntu Gamer. Co-founder of media and software company Ohso.

  3. #13
    Join Date
    Apr 2008
    Beans
    135

    Re: Blatant security flaw much?

    Wow, blatant security flaw indeed!

  4. #14
    Join Date
    Sep 2009
    Beans
    52

    Re: Blatant security flaw much?

    If the sudo command asks for password, accessing other partitions asks for password, update manager asks for password, if the wireless access point is turned off for a while it keeps asking for password (annoying since Windows can reconnect automatically when the access point becomes available), why cant accessing keyring and stored passwords require asking for password???

  5. #15
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,292
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Blatant security flaw much?

    Quote Originally Posted by michaelzap View Post
    Both true and irrelevant. It's reasonable to wonder why passwords for things other than your local computer can be viewed in clear text without entering a password. Even Windows doesn't allow that.
    Orly? See attachment.

    Quote Originally Posted by the.lost.one View Post
    If the sudo command asks for password, accessing other partitions asks for password, update manager asks for password, if the wireless access point is turned off for a while it keeps asking for password (annoying since Windows can reconnect automatically when the access point becomes available), why cant accessing keyring and stored passwords require asking for password???
    Because accessing your personal data doesn't require administrator access. Protecting your personal data is your responsibility, not the system's.
    Attached Images Attached Images
    Last edited by Bachstelze; October 27th, 2009 at 08:54 AM.
    「明後日の夕方には帰ってるからね。」


  6. #16
    Join Date
    Sep 2009
    Beans
    52

    Re: Blatant security flaw much?

    "Protecting your personal data is your responsibility, not the system's."

    And I want to protect it by making the system ask for a password to access it. But the system provides no such option. It asks for a password to access other partition which neither has any linux system files nor any other OS files. I don't see much difference between the two from a user's perspective.

    And shouldn't accessing system wide keyring be a higher privileged operation?

    It's all about having layers of security.

  7. #17
    Join Date
    Jun 2007
    Beans
    158

    Re: Blatant security flaw much?

    Quote Originally Posted by Bachstelze View Post
    Orly? See attachment.
    Trying to prove that Windows shows your passwords in cleartext by showing a screenshot of a third party application is somewhat stupid?

  8. #18
    Join Date
    Jan 2008
    Location
    Auckland, New Zealand
    Beans
    3,132
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Blatant security flaw much?

    Even though I understand why this is the case, I'd agree with requiring a user to enter their password before showing their stored passwords.

  9. #19
    Join Date
    Jun 2009
    Beans
    35

    Re: Blatant security flaw much?

    Quote Originally Posted by Bachstelze View Post
    Because accessing your personal data doesn't require administrator access. Protecting your personal data is your responsibility, not the system's.
    Lets just say someone had a computer which has automatic loggin on enabled (like me because karmics boot time is so slow) and then, without any password needing to be entered, WHATSOEVER, someone who decides they want to access my computer now can see all my passwords for every single program with just a few clicks. Yes, this is our own responsibility, but SURELY there should be an option to password protect our whole keyring? I know you will probably tell me there is a way, and feel free to tell me, but its not obvious

  10. #20
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,292
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Blatant security flaw much?

    Quote Originally Posted by TrueTom View Post
    Trying to prove that Windows shows your passwords in cleartext by showing a screenshot of a third party application is somewhat stupid?
    Last I checked, Pidgin and NetworkManager were third-party applications, too. Also Gnome.

    Quote Originally Posted by imafatmess View Post
    I know you will probably tell me there is a way, and feel free to tell me, but its not obvious
    I have no idea. I use KDE.
    Last edited by Bachstelze; October 27th, 2009 at 09:56 AM.
    「明後日の夕方には帰ってるからね。」


Page 2 of 42 FirstFirst 123412 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •