Bug 359541 - WPA Enterprise Password in Cleartext
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: nm-applet
Version: 0.6.6
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Dan Williams
Reported: 2006-10-04 10:07 UTC by Scott Robinson
Modified: 2008-01-07 22:13 UTC
GNOME target: ---
GNOME version: ---

Attachments
Entries under .gconf on my system (3.47 KB, text/plain)
2007-06-18 16:05 UTC, Morten Minde Neergaard

Description Scott Robinson 2006-10-04 10:07:43 UTC
Please describe the problem:
Stores WPA Enterprise password in plain text in daemon.log and gconf-editor under system/networking/wireless

Steps to reproduce:


Actual results:


Expected results:


Does this happen every time?


Other information:
https://launchpad.net/distros/ubuntu/+source/network-manager/+bug/45005
Comment 1 Russell Harrison 2006-12-28 16:11:17 UTC
I'm also seeing this in Fedora Core 6. I really want to be able to deploy NM across my enterprise, but this is kind of a deal breaker...

Effectively this causes all users to store their global passwords in clear text.
Comment 2 Russell Harrison 2006-12-28 20:37:30 UTC
It should also be possible, instead of caching the authentication information, to prompt the user for their user name / password every time the connection is established, in a similar way to wpa_supplicant-gui.  This would allow networks to be configured in advance by IT organizations without needing to know a user's auth credentials.
Comment 3 bboissin+gnomebug 2007-03-28 14:51:04 UTC
Would it be possible to store the password in the keychain by default? (and provide an option for not storing the password)
Comment 4 Russell Harrison 2007-03-29 22:15:57 UTC
That would be perfect.  As long as the interface would pop up to ask for the password, and the user didn't need to enter in the entire config again.
Comment 5 Morten Minde Neergaard 2007-06-18 16:05:53 UTC
Created attachment 90216
Entries under .gconf on my system

I use many different wireless networks at work, at home and elsewhere.
On most networks, passwords are saved in the gnome keyring without trouble.
This is not the case on two networks, one which uses PEAP, and one which uses .1x.
On both networks I only enter "Identity" and "Passwords", no certificates etc.

On both mentioned networks I can connect normally, but my identity and passwd
is saved to ~/.gconf/system/networking/wireless/<network name>/%gconf.xml.
They are also visible from gconf-editor, in the same path as under .gconf/.

I am using version 0.6.4-6ubuntu-7 of NM and libpam-keyring 0.0.8-5 under
Ubuntu 7.04. Attached are the gconf files for the networks, stripped of PWs :-)
My hardware is a Dell laptop with an ipw3945 network card.

I found the following in ~/.xsession-errors:
** (nm-applet:6181): WARNING **: <WARNING> nmi_save_network_info (): Error saving secret for wireless network 'eduroam' in keyring: 5
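
A check for the condition reported in comment 5, as an added example that is not part of the original report or of NetworkManager: it walks a GConf directory tree and flags non-empty string entries whose names look like credentials. The name pattern and the sample entries are assumptions, since the key names nm-applet actually used are not shown on this page.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Assumption: entry names that hint at a credential. The real key names
# written by nm-applet are not shown on this page.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|psk|private[-_]?key", re.I)


def find_cleartext_secrets(gconf_root):
    """Return (file, entry name, value length) for credential-like entries."""
    findings = []
    for dirpath, _dirs, files in os.walk(gconf_root):
        if "%gconf.xml" not in files:
            continue
        path = os.path.join(dirpath, "%gconf.xml")
        try:
            tree = ET.parse(path)
        except ET.ParseError:
            continue  # skip damaged files rather than abort the audit
        for entry in tree.getroot().iter("entry"):
            name = entry.get("name", "")
            value = entry.findtext("stringvalue") or ""
            if value and SECRET_NAME.search(name):
                # Report the length only, never the secret itself.
                findings.append((path, name, len(value)))
    return findings


def build_sample_tree(root):
    """Constructed sample: one network directory with made-up entries."""
    net = os.path.join(root, "system", "networking", "wireless", "example-net")
    os.makedirs(net)
    with open(os.path.join(net, "%gconf.xml"), "w") as fh:
        fh.write(
            '<?xml version="1.0"?>\n<gconf>\n'
            '<entry name="essid" type="string"><stringvalue>example-net</stringvalue></entry>\n'
            '<entry name="example_passwd" type="string"><stringvalue>hunter2</stringvalue></entry>\n'
            "</gconf>\n"
        )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, name, length in find_cleartext_secrets(tmp):
            print(f"{path}: entry '{name}' holds a {length}-character value")
```

To audit a real profile, pass the user's `~/.gconf` directory to `find_cleartext_secrets` and extend the pattern once the actual entry names are known.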
Comment 6 Andrew Jorgensen 2007-08-30 23:04:43 UTC
As a security issue this bug really needs to get a higher priority.  Also see the downstream Ubuntu bug report: https://bugs.launchpad.net/network-manager/+bug/41134
Comment 7 Dan Williams 2007-12-05 22:20:15 UTC
FWIW, this is fixed in 0.7 and will be fixed in the 0.6.x stable branch over the next month.
Comment 8 Dan Williams 2008-01-07 22:13:28 UTC
fixed in stable r432