Bug 692519 - nm-applet is caching password even with "ask every time"
Summary: nm-applet is caching password even with "ask every time"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 14
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 692578
TreeView+ depends on / blocked
 
Reported: 2011-03-31 13:23 UTC by Jay Turner
Modified: 2015-01-08 00:17 UTC (History)
4 users (show)

Fixed In Version: NetworkManager-0.8.4-1.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 692578 (view as bug list)
Environment:
Last Closed: 2011-04-28 02:04:22 UTC


Attachments (Terms of Use)
First time NM prompts for password (52.52 KB, image/jpeg)
2011-03-31 13:23 UTC, Jay Turner
no flags Details
Auth prompt after disconnecting and attempting to connect again (52.76 KB, image/jpeg)
2011-03-31 13:24 UTC, Jay Turner
no flags Details
After clicking "show password" (54.03 KB, image/jpeg)
2011-03-31 13:25 UTC, Jay Turner
no flags Details
Gnome Keyring entry (27.29 KB, image/jpeg)
2011-03-31 13:25 UTC, Jay Turner
no flags Details
Fix "ask every time" password handling (for 0.8.x branch) (5.03 KB, patch)
2011-04-11 11:17 UTC, Jirka Klimes
no flags Details | Diff

Description Jay Turner 2011-03-31 13:23:41 UTC
Created attachment 489075 [details]
First time NM prompts for password

Description of problem:
With NetworkManager-gnome-0.8.3.998-2.fc14.x86_64 I am seeing an interesting situation when attempting to connect to a WPA/WPA2 wireless network.

Version-Release number of selected component (if applicable):
NetworkManager-gnome-0.8.3.998-2.fc14.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Select a WPA/WPA2 wireless network from the nm-applet (I'm using the "Red Hat" network in RDU that GIT just setup.)
2. Enter the password and ensure that "Ask for this password every time" is selected.
3. Successful network negotiation occurs.
4. Now disconnect from the network.
5. Attempt to connect to the network again and when the auth screen pops up, the password will be there as blobs.
  
Actual results:
Clicking "Show Password" does indeed show the password.  In addition, the password is written to the keyring.  This is especially problematic in the case, like here at Red Hat with the "Red Hat" network, where the password is your RSA password + token number therefore creating the situation where another user could very easily discover the secret part by simply clicking the "show password" option.

Expected results:
If "ask for this password every time" is checked, the password should not be written to the keyring.  Appears that change along is sufficient to prevent the cached password from appearing in the NetworkManager authentication screen.

Additional info:

Comment 1 Jay Turner 2011-03-31 13:24:43 UTC
Created attachment 489076 [details]
Auth prompt after disconnecting and attempting to connect again

Comment 2 Jay Turner 2011-03-31 13:25:11 UTC
Created attachment 489077 [details]
After clicking "show password"

Comment 3 Jay Turner 2011-03-31 13:25:38 UTC
Created attachment 489078 [details]
Gnome Keyring entry

Comment 4 Jay Turner 2011-03-31 13:28:49 UTC
Pretty sure this will happen with RHEL also, but I have not verified.  Will clone this bug once I do reproduce.

Comment 5 Jay Turner 2011-03-31 15:31:53 UTC
Have noticed something else odd while playing around with this.  If on the second connect attempt (when the password shows up) I click "cancel" then attempt to connect to the network again, the password is not present (even though the password is still stored in the keyring.)

Comment 6 Paul W. Frields 2011-04-01 12:28:23 UTC
This is also happening using VPN access in 0.8.997-7.git20110330.fc15.x86_64, and 0.8.997-8.git20110331.fc15.x86_64.

Comment 7 Paul W. Frields 2011-04-01 16:26:25 UTC
Sorry, I should not have piled onto this bug and should know better. ;-) I'm going to find my own bug instead.

Comment 8 Jirka Klimes 2011-04-11 11:17:06 UTC
Created attachment 491205 [details]
Fix "ask every time" password handling  (for 0.8.x branch)

The patch prevents the applet to store passwords to keyring, when "Ask for this password every time" is checked, and don't fill the edit box with the old password when asking for the new one.
Dan, does it look ok?

Comment 9 Jirka Klimes 2011-04-13 16:42:30 UTC
Fix committed upstream:
27803e6e40b8a5085b5955baafbeb0b3cc76f11f (0.8.x)

Comment 10 Fedora Update System 2011-04-15 21:43:22 UTC
NetworkManager-0.8.3.999-2.git20110414.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc14

Comment 11 Fedora Update System 2011-04-15 21:44:10 UTC
NetworkManager-0.8.3.999-2.git20110414.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc13

Comment 12 Fedora Update System 2011-04-16 20:50:51 UTC
Package NetworkManager-0.8.3.999-2.git20110414.fc13:
* should fix your issue,
* was pushed to the Fedora 13 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing NetworkManager-0.8.3.999-2.git20110414.fc13'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.999-2.git20110414.fc13
then log in and leave karma (feedback).

Comment 13 Fedora Update System 2011-04-20 22:43:11 UTC
NetworkManager-0.8.4-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc14

Comment 14 Fedora Update System 2011-04-20 22:44:39 UTC
NetworkManager-0.8.4-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc13

Comment 15 Jay Turner 2011-04-26 18:54:51 UTC
NetworkManager-0.8.4-1.fc14 is no longer writing the password to the keyring, nor is it being cached and presented on subsequent connection attempts.

Comment 16 Fedora Update System 2011-04-28 02:03:35 UTC
NetworkManager-0.8.4-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2011-05-26 21:52:46 UTC
NetworkManager-0.8.4-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.