220915 – WPA Enterprise Password in Cleartext

Bug 220915 - WPA Enterprise Password in Cleartext

Summary: WPA Enterprise Password in Cleartext

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	NetworkManager
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Dan Williams
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	427843
Blocks:	246139 296411 372911
TreeView+	depends on / blocked

Reported:	2006-12-28 21:03 UTC by Russell Harrison
Modified:	2018-10-19 21:19 UTC (History)
CC List:	4 users (show)
Fixed In Version:	RHBA-2008-0369
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-21 16:43:53 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	359541	0	None	None	None	Never
Red Hat Product Errata	RHBA-2008:0369	0	normal	SHIPPED_LIVE	NetworkManager bug fix update	2008-05-20 13:36:27 UTC

Description Russell Harrison 2006-12-28 21:03:26 UTC

+++ This bug was initially created as a clone of Bug #220913 +++

Description of problem:
The user name and password for WPA Enterprise connections are stored in plain
text in gconf.

Version-Release number of selected component (if applicable):
NetworkManager-0.6.4-5.fc6
NetworkManager-glib-0.6.4-5.fc6
NetworkManager-vpnc-0.7.0-0.cvs20061204.fc6
NetworkManager-gnome-0.6.4-5.fc6

How reproducible: Always

Steps to Reproduce:
1. Connect to a WPA Enterprise network using PEAP

Actual results:
Notice that the user name and password are stored in gconf at:
/system/networking/wireless/networks/ssid/wpa_eap_identity
/system/networking/wireless/networks/ssid/wpa_eap_passwd

Expected results:
Private data should be stored in the gnome-keyring or some other encrypted store

Additional info:
It should also be possible to instead of caching the authentication information
to prompt the user for their user name / password every time the connection is
established in a similar way to wpa_supplicant-gui.  This would allow networks
to be configured in advance by IT organizations without needing to know a user's
auth credentials.

Comment 1 RHEL Program Management 2006-12-29 18:40:26 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 2 RHEL Program Management 2007-03-21 23:10:11 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 8 Jay Turner 2007-11-22 11:53:26 UTC

QE ack for RHEL5.2.  We have the hardware and this shouldn't be too difficult to
reproduce.

Comment 12 Dan Williams 2008-01-08 16:44:31 UTC

Fix checked into upstream SVN and RHEL 5.2 NM

Comment 23 Suzanne Hillman 2008-04-10 14:56:58 UTC

Verified on x86_64, Dell Precision M6300.

Comment 25 errata-xmlrpc 2008-05-21 16:43:53 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0369.html

Note You need to log in before you can comment on or make changes to this bug.