Language Selection

English French German Italian Portuguese Spanish

Gnome Lets Anyone See Your Keyring Passwords

Filed under
Software
Security

A security hole in Gnome allows anyone to see your keyring passwords without needing to enter so much as a password.

The Issue
Despite needing to enter your root password to alter such basic things as CPU Scaling, you are not once prompted to enter it to access the Passwords and Encryption Keyring.

Ubuntu Forum user humphreybc, who first reported this anomaly on the Ubuntu Forums, posted a quick –step-through guide so you can see for yourself how dodgy this lapse is: -

1. Restart your computer and login. Do not enter any passwords after your desktop has loaded.

2. Go to Applications > Accessories > Passwords and Encryption Keyrings

3. Click on the 'Login' folder to drop down and view the programs that store data here.

4. Double click on something you want to look at.

5. Click Password to show some dots, then uncheck the box below the dots marked "Show password"

Rest Here




More in Tux Machines

This Custom Android-x86 Build Puts Android 7.1.1 on Your PC, with Linux 4.11 RC7

GNU/Linux developer Arne Exton was happy to announce the release of a new build of his custom built Android-x86 project that lets uses runs the latest Android mobile operating system on their personal computers. Read more

Clear Linux Announces Intel Clear Containers 2.1.6 with Docker 17.04.0 Support

Clear Linux's Kent Helm was proud to announce the release and general availability of Intel Clear Containers 2.1.6, a maintenace update that promises to improve compatibility with recent Docker releases, but also adds various bug fixes. Read more

Nantes Métropole releases open source tool for LibreOffice transition

The French city of Nantes (Nantes Métropole) has released an open source tool used to schedule its migration to LibreOffice. The shift from commercial software to the free and open source LibreOffice productivity suite started in 2013 and is intended to save the administration EUR 260 000 per year. The transition was finalised in April 2016. Read more

Today in Techrights