Package: gnome-keyring-manager
Version: 2.20.0-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
I've just found that running gnome-keyring-manager I just get a
confirmation dialog about deny/allow access to keyring, after pressing
'allow' I'm able to see in clear-text the password that evolution
stored to access my IMAP account. Therefore, anyone who has a couple
seconds of access to my session will be able to steal my password.
It will be much safer if instead of just an allow/deny, I am
requested my login password to see the keyring.
Thanks!
Patricio
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnome-keyring-manager depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii libc6 2.7-9 GNU C Library: Shared libraries
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.1-2 The GLib library of C routines
ii libgnome-keyring0 2.22.0-2 GNOME keyring services library
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomeui-0 2.20.1.1-1 The GNOME 2 libraries (User Interf
ii libgtk2.0-0 2.12.9-2 The GTK+ graphical user interface
Versions of packages gnome-keyring-manager recommends:
ii gnome-icon-theme 2.22.0-1 GNOME Desktop icon theme
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
