* initscripts-6.95-1 * redhat-config-network-1.1.20-1 If you configure a wireless interface with neat and set an encryption key, that key is stored in the world readable file /etc/sysconfig/network-scripts/ifcfg-eth?. This doesn't exactly live up to "secure by default". iwconfig goes to the trouble of not letting mortal users see the encryption key, but that effort is wasted since the user can just read it out of the network config. neat should chmod 600 /etc/sysconfig/network-scripts/ifcfg-eth? if it contains wep keys. Alternately, initscripts handling of wireless devices could be restructured to hide this info without locking down the whole file (perhaps a file ifshadow.eth?).
*** Bug 80369 has been marked as a duplicate of this bug. ***
should be fixed in cvs