'Big Honking Security Hole' or something else?
steven at too1337.com
Mon Oct 18 21:13:02 UTC 2010
On 10/18/10 1:40 PM, Dotan Cohen wrote:
> As a demonstration of what happens to plain text passwords.
> Now that the issue is being taken seriously, where is the offending
> file? No matter how much blame-shifting we do, the fact remains that
> this is a serious security issue and it's time to fix it.
There is no offending file. gnome-keyring does not store passwords as
plain text, but provides the ability to retrieve the password if you
have unlocked (IE: decrypted) the keyring. If you wish to avoid this
behavior, change the password on the login keyring so it does not
automatically unlock, or set another keyring as the default keyring and
manage those passwords separately from the login keyring (so maybe your
user passwords remain locked until you manually unlock it, but you still
automatically connect to your wireless network).
Keyrings are stored in the .gnome2/keyrings folder. Run strings and
you'll not find much of value.
More information about the ubuntu-users