IM Account password unencrypted on gconf-editor
Bug #202576 reported by
Mahdi
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| telepathy-mission-control (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
Binary package hint: telepathy-core
On up-to-date hardy amd64:
If you register an account on empathy, the password is saved via gconf. Thus, if you open gconf-editor and browse to /apps/telepathy
This should REALLY be encrypted! Otherwise anyone with access to your gconf registry can get your gmail or hotmail passwords!
I tested with gtalk, jabber, msn and sip protocols. All of them have this issue.
Revision history for this message
| Kees Cook (kees) wrote | #1 |
| Changed in meta-telepathy: | |
| importance: | Undecided → Wishlist |
| status: | New → Confirmed |
Revision history for this message
| Laurent Bigonville (bigon) wrote | #2 |
Revision history for this message
| Guillaume Desmottes (cassidy) wrote | #3 |
| Changed in telepathy-mission-control: | |
| status: | Confirmed → Fix Committed |
Revision history for this message
| Laurent Bigonville (bigon) wrote | #4 |
| Changed in telepathy-mission-control: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
The passwords should really be stored via the gnome-keyring manager. As for privacy, gconf settings aren't visible to other users.