Language Selection

English French German Italian Portuguese Spanish

Gnome Lets Anyone See Your Keyring Passwords

Filed under
Software
Security

A security hole in Gnome allows anyone to see your keyring passwords without needing to enter so much as a password.

The Issue
Despite needing to enter your root password to alter such basic things as CPU Scaling, you are not once prompted to enter it to access the Passwords and Encryption Keyring.

Ubuntu Forum user humphreybc, who first reported this anomaly on the Ubuntu Forums, posted a quick –step-through guide so you can see for yourself how dodgy this lapse is: -

1. Restart your computer and login. Do not enter any passwords after your desktop has loaded.

2. Go to Applications > Accessories > Passwords and Encryption Keyrings

3. Click on the 'Login' folder to drop down and view the programs that store data here.

4. Double click on something you want to look at.

5. Click Password to show some dots, then uncheck the box below the dots marked "Show password"

Rest Here




More in Tux Machines

Debian 6.0 Long Term Support reaching end-of-life

The Debian Long Term Support (LTS) Team hereby announces that Debian 6.0 ("squeeze") support will reach its end-of-life on February 29, 2016, five years after its initial release on February 6, 2011. There will be no further security support for Debian 6.0. The LTS Team will prepare the transition to Debian 7 ("wheezy"), which is the current oldstable release. The LTS team will take over support from the Security Team on April 26, 2016. Read more

Tiny Core Linux 7.0 Up to Release Candidate Phase, Adds Linux Kernel 4.2.9

Robert Shingledecker announced the release and immediate availability for download and testing of the first RC (Release Candidate) build of the upcoming Tiny Core Linux 7.0 operating system. Read more

Mozilla Thunderbird 45.0 to Finally Bring GTK3 Integration for Linux, Sort Of

Earlier today, Mozilla has come out with the sixth point release of the stable 38.0 branch of its Thunderbird e-mail, news, and chat client, fixing a few minor issues reported by users since the 38.5.x series. Read more

OpenPHT 1.5.1 for Debian/sid

I have updated the openpht repository with builds of OpenPHT 1.5.1 for Debian/sid for both amd64 and i386 architecture. For those who have forgotten it, OpenPHT is the open source fork of Plex Home Theater that is used on RasPlex, see my last post concerning OpenPHT for details. Read more