GNOME Bugzilla – Bug 604843
Password not hidden properly on seahorse 2.28.1 (Manager encryption keys)
Last modified: 2010-12-13 17:13:08 UTC
Informations about system and package: Ubuntu 9.10 - o Karmic Koala seahorse: 2.28.1-0ubuntu1 gnome-keyring: 2.28.1-0ubuntu1 Password not hidden properly on seahorse 2.28.1 (Manager encryption keys) Steps for reproduction: 1) Open the Seahorse; 2) In password tab, in password session, click right button mouse in password item and select Properties (or click in Properties tool bar button); 3) Open password item. Will be open the Access Authorization dialog box. Select Authorize once; 4) Select Show password and you password show in Password text box, as expected. 5) Close the dialog box an repeat step 2; 6) Open password item. Will be open the Access Authorization dialog box. Now select Deny; 7) Select Show password. You will see your password in Password text box, but without permission. This Bug allow access to personal passwords, and this allow full access to the confidential services use.
Yes Is true, I can confirm this, if you press deny for second time the password is shown.
This occurs with any key ring not just the session keyring. Closing and re-opening seahorse doesn't expose the password after hitting deny. I'm marking the severity down from critical as all someone has to do to get this information is open seahorse and select allow.
*** This bug has been marked as a duplicate of bug 627117 ***