| Summary: | nm-applet is caching password even with "ask every time" | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jay Turner <jturner> | |
| Component: | NetworkManager | Assignee: | Dan Williams <dcbw> | |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 14 | CC: | dcbw, jklimes, srevivo, tbzatek | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | NetworkManager-0.8.4-1.fc14 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 692578 (view as bug list) | Environment: | ||
| Last Closed: | 2011-04-28 02:04:22 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 692578 | |||
| Attachments: | ||||
Created attachment 489076 [details]
Auth prompt after disconnecting and attempting to connect again
Created attachment 489077 [details]
After clicking "show password"
Created attachment 489078 [details]
Gnome Keyring entry
Pretty sure this will happen with RHEL also, but I have not verified. Will clone this bug once I do reproduce. Have noticed something else odd while playing around with this. If on the second connect attempt (when the password shows up) I click "cancel" then attempt to connect to the network again, the password is not present (even though the password is still stored in the keyring.) This is also happening using VPN access in 0.8.997-7.git20110330.fc15.x86_64, and 0.8.997-8.git20110331.fc15.x86_64. Sorry, I should not have piled onto this bug and should know better. ;-) I'm going to find my own bug instead. Created attachment 491205 [details]
Fix "ask every time" password handling (for 0.8.x branch)
The patch prevents the applet to store passwords to keyring, when "Ask for this password every time" is checked, and don't fill the edit box with the old password when asking for the new one.
Dan, does it look ok?
Fix committed upstream: 27803e6e40b8a5085b5955baafbeb0b3cc76f11f (0.8.x) NetworkManager-0.8.3.999-2.git20110414.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc14 NetworkManager-0.8.3.999-2.git20110414.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc13 Package NetworkManager-0.8.3.999-2.git20110414.fc13: * should fix your issue, * was pushed to the Fedora 13 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-0.8.3.999-2.git20110414.fc13' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc13 then log in and leave karma (feedback). NetworkManager-0.8.4-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc14 NetworkManager-0.8.4-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc13 NetworkManager-0.8.4-1.fc14 is no longer writing the password to the keyring, nor is it being cached and presented on subsequent connection attempts. NetworkManager-0.8.4-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. NetworkManager-0.8.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 489075 [details] First time NM prompts for password Description of problem: With NetworkManager-gnome-0.8.3.998-2.fc14.x86_64 I am seeing an interesting situation when attempting to connect to a WPA/WPA2 wireless network. Version-Release number of selected component (if applicable): NetworkManager-gnome-0.8.3.998-2.fc14.x86_64 How reproducible: Always Steps to Reproduce: 1. Select a WPA/WPA2 wireless network from the nm-applet (I'm using the "Red Hat" network in RDU that GIT just setup.) 2. Enter the password and ensure that "Ask for this password every time" is selected. 3. Successful network negotiation occurs. 4. Now disconnect from the network. 5. Attempt to connect to the network again and when the auth screen pops up, the password will be there as blobs. Actual results: Clicking "Show Password" does indeed show the password. In addition, the password is written to the keyring. This is especially problematic in the case, like here at Red Hat with the "Red Hat" network, where the password is your RSA password + token number therefore creating the situation where another user could very easily discover the secret part by simply clicking the "show password" option. Expected results: If "ask for this password every time" is checked, the password should not be written to the keyring. Appears that change along is sufficient to prevent the cached password from appearing in the NetworkManager authentication screen. Additional info: