Password-protected smb:// URLs are displayed in Nautilus browser address bar with inline plain-text password

Bug #479408 reported by Nick Maynard
This bug affects 1 person
Affects: gnome-vfs (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned
Milestone: -

Bug Description

Using the "Places"->"Connect to server" functionality in GNOME, I allowed permanent keyring access and created a bookmark as suggested.

When I open the mounted volume the URL displayed at the top of the directory browser window is of the following format:

smb://PLAINTEXT_PASSWORD;USER@HOSTNAME/SHARE/

Displaying the password in plaintext on the screen like this is a major security violation according to my place of work's IT security rules.

Tags: samba smb
Nick Maynard (nick-maynard) wrote :

karmic
Package: libgnomevfs2-extra
Version: 1:2.24.2-1ubuntu1

Nick Maynard (nick-maynard) wrote :

On further examination it appears the bookmark, created in "Places", stores the password in plaintext; thus mounts created with it include the password.

Shouldn't the keyring handle this password storage? It seems the bookmark doesn't need to store the password.
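
A check for the condition described in this report, added here as an example and not part of the original report or of gnome-vfs: it scans bookmark entries for URIs whose user part carries more than a bare user name and prints them with the credentials redacted. It assumes the one-entry-per-line "URI [label]" layout of the GTK bookmarks file; the sample entries are constructed, and the function names are hypothetical.

```python
import sys
from urllib.parse import urlsplit

# Constructed sample entries in the assumed "URI [label]" layout.
SAMPLE_BOOKMARKS = """\
file:///home/alice/Documents
smb://PLAINTEXT_PASSWORD;USER@HOSTNAME/SHARE/ Team share
smb://USER@HOSTNAME/SHARE/ Keyring-backed share
sftp://USER:PLAINTEXT_PASSWORD@HOSTNAME/srv
"""

def userinfo(uri):
    """Return the part of the authority before the last '@', or None."""
    netloc = urlsplit(uri).netloc
    return netloc.rpartition("@")[0] if "@" in netloc else None

def has_embedded_secret(uri):
    """True when the user part holds more than a bare user name.

    ';' matches the form shown in the report, ':' the usual user:password
    form. A DOMAIN;USER prefix is flagged as well and needs manual review.
    """
    info = userinfo(uri)
    return info is not None and any(sep in info for sep in ";:")

def redact(uri):
    """Replace the whole user part so the secret is never echoed."""
    parts = urlsplit(uri)
    host = parts.netloc.rpartition("@")[2]
    return parts._replace(netloc="REDACTED@" + host).geturl()

def scan_bookmarks(text):
    """Return (line number, redacted URI) for every entry with a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        uri = line.split(None, 1)[0]  # the label, if any, follows the URI
        if has_embedded_secret(uri):
            findings.append((lineno, redact(uri)))
    return findings

if __name__ == "__main__":
    # Pass a bookmarks file path as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOOKMARKS
    for lineno, uri in scan_bookmarks(text):
        print(f"line {lineno}: credentials embedded in bookmark: {uri}")
```
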

visibility: private → public
Kees Cook (kees)
Changed in gnome-vfs (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
This report contains Public Security information  
Everyone can see this security related information.
