Bug 220913 - WPA Enterprise Password in Cleartext
WPA Enterprise Password in Cleartext
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Dan Williams
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-28 15:39 EST by Russell Harrison
Modified: 2008-04-03 12:08 EDT (History)
1 user (show)

See Also:
Fixed In Version: 0.6.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-03 12:08:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 359541 None None None Never

  None (edit)
Description Russell Harrison 2006-12-28 15:39:26 EST
Description of problem:
The user name and password for WPA Enterprise connections are stored in plain
text in gconf.

Version-Release number of selected component (if applicable):
NetworkManager-0.6.4-5.fc6
NetworkManager-glib-0.6.4-5.fc6
NetworkManager-vpnc-0.7.0-0.cvs20061204.fc6
NetworkManager-gnome-0.6.4-5.fc6

How reproducible: Always

Steps to Reproduce:
1. Connect to a WPA Enterprise network using PEAP

Actual results:
Notice that the user name and password are stored in gconf at:
/system/networking/wireless/networks/ssid/wpa_eap_identity
/system/networking/wireless/networks/ssid/wpa_eap_passwd

Expected results:
Private data should be stored in the gnome-keyring or some other encrypted store

Additional info:
It should also be possible to instead of caching the authentication information
to prompt the user for their user name / password every time the connection is
established in a similar way to wpa_supplicant-gui.  This would allow networks
to be configured in advance by IT organizations without needing to know a user's
auth credentials.
Comment 1 Brian Long 2007-03-05 14:21:48 EST
Any updates on this?  I notice someone posted this issue to networkmanager-list
on 3/3.
http://mail.gnome.org/archives/networkmanager-list/2007-March/msg00022.html
Could you put some pressure on upstream to get rid of the plaintext password in
GConf?
Comment 2 Dan Williams 2008-01-07 17:17:02 EST
Fixed in upstream applet stable branch r432 for 0.6.x; and not a problem in 0.7
from the start.  Should issue an update to NM for F7 in the near future.
Comment 3 Dan Williams 2008-04-03 12:08:52 EDT
F7 update has been issued.

Note You need to log in before you can comment on or make changes to this bug.