Auto-login to ssh when putting the wrong password
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| nautilus (Ubuntu) |
Invalid
|
Low
|
Unassigned | ||
Bug Description
Save a ssh password on the connect to server windows (as seen on the screenshot).
The efect is that any short (let's say three character long) password entered is translated in the real password and the user is granted access.
This is just plain wrong, if the password is being remembered it should be cristal clear (at least some asteriks on the text field).
Maybe the best solution is to remove the "remember password" option.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nautilus 1:3.4.2-0ubuntu1
ProcVersionSign
Uname: Linux 3.2.0-24-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Fri Jun 1 12:44:59 2012
GsettingsChanges:
org.gnome.
org.gnome.
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20111129.1)
SourcePackage: nautilus
UpgradeStatus: No upgrade log present (probably fresh install)
| Federico Vera (fedevera) wrote | #1 |
| Tyler Hicks (tyhicks) wrote | #2 |
| Changed in nautilus (Ubuntu): | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| security vulnerability: | yes → no |
| visibility: | private → public |
| Sebastien Bacher (seb128) wrote | #3 |
| Changed in nautilus (Ubuntu): | |
| status: | Confirmed → Invalid |
Thanks for using Ubuntu and reporting this bug! I've confirmed it in Precise.
I disagree that it is a security bug, as invalid passwords are only accepted if the valid password has previously been saved. I see it as a UI bug around a feature that happens to relate to security (remote login). As a result, I'm removing the security label from this report.