Ubuntu
ubuntu-settings package

Editing a VPN ask to introduce credentials but if you cancel can be accessed anyway

Bug #2021484 reported by Cristobal Diaz Aircury
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-settings (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

I'm logged as a normal user without admin privileges. When I try to edit a VPN I'm asked to introduce the credentials of the admin, nevertheless if I click cancel I can still access to the VPN configuration.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: ubuntu-settings 20.04.6
ProcVersionSignature: Ubuntu 5.15.0-72.79~20.04.1-generic 5.15.98
Uname: Linux 5.15.0-72-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.26
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Mon May 29 11:16:38 2023
InstallationDate: Installed on 2022-05-04 (389 days ago)
InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
PackageArchitecture: all
SourcePackage: ubuntu-settings
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Cristobal Diaz Aircury (cristobal-diaz-aircury) wrote :
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Cristobal, can you make changes from that interface? Or is it read-only?

Thanks

information type: Private Security → Public Security
Changed in ubuntu-settings (Ubuntu):
status: New → Incomplete
Revision history for this message
Cristobal Diaz Aircury (cristobal-diaz-aircury) wrote :

Hello Seth. It can be edited, and even removed. More info that might be useful:

I recently made some changes to limit the number of login attempts:

sudo nano /etc/pam.d/common-auth

auth [success=1 default=ignore] pam_unix.so nullok_secure
auth required pam_deny.so
auth required pam_faillock.so onerr=fail deny=3 unlock_time=30
auth required pam_permit.so

Another change was to set Wayland as Windowing System.

Don't hesitate to ask me more info. Thanks for your time.

Seth Arnold (seth-arnold)
Changed in ubuntu-settings (Ubuntu):
status: Incomplete → New
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Are you in the admin or the sudo group? What's the output of the "groups" command?

Revision history for this message
Cristobal Diaz Aircury (cristobal-diaz-aircury) wrote :

Sorry, I recently formatted the computer so I don't have that information anymore. Thanks for your response.

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Hi Cristobal,

are you still able to reproduce this issue?
If yes could you give more information?

Changed in ubuntu-settings (Ubuntu):
status: New → Incomplete
Revision history for this message
Cristobal Diaz Aircury (cristobal-diaz-aircury) wrote :

Hi Eduardo,

After a fresh installation of Ubuntu 22.04 I can still see this happening.

Logged as a non admin user I can access the VPN configuration even if I click on cancel in the authentication window.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for ubuntu-settings (Ubuntu) because there has been no activity for 60 days.]

Changed in ubuntu-settings (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.