'Big Honking Security Hole' or something else?

Steven Susbauer steven at too1337.com
Mon Oct 18 21:13:02 UTC 2010

On 10/18/10 1:40 PM, Dotan Cohen wrote:
> As a demonstration of what happens to plain text passwords.
> Now that the issue is being taken seriously, where is the offending
> file? No matter how much blame-shifting we do, the fact remains that
> this is a serious security issue and it's time to fix it.

There is no offending file. gnome-keyring does not store passwords as 
plain text, but provides the ability to retrieve the password if you 
have unlocked (IE: decrypted) the keyring. If you wish to avoid this 
behavior, change the password on the login keyring so it does not 
automatically unlock, or set another keyring as the default keyring and 
manage those passwords separately from the login keyring (so maybe your 
user passwords remain locked until you manually unlock it, but you still 
automatically connect to your wireless network).

Keyrings are stored in the .gnome2/keyrings folder. Run strings and 
you'll not find much of value.

More information about the ubuntu-users mailing list