Red Hat Bugzilla – Bug 220913
WPA Enterprise Password in Cleartext
Last modified: 2008-04-03 12:08:52 EDT
Description of problem:
The user name and password for WPA Enterprise connections are stored in plain
text in gconf.
Version-Release number of selected component (if applicable):
How reproducible: Always
Steps to Reproduce:
1. Connect to a WPA Enterprise network using PEAP
Notice that the user name and password are stored in gconf at:
Private data should be stored in the gnome-keyring or some other encrypted store
It should also be possible to instead of caching the authentication information
to prompt the user for their user name / password every time the connection is
established in a similar way to wpa_supplicant-gui. This would allow networks
to be configured in advance by IT organizations without needing to know a user's
Any updates on this? I notice someone posted this issue to networkmanager-list
Could you put some pressure on upstream to get rid of the plaintext password in
Fixed in upstream applet stable branch r432 for 0.6.x; and not a problem in 0.7
from the start. Should issue an update to NM for F7 in the near future.
F7 update has been issued.