[snap] Doesn't store encrypted passwords unless interface is connected
Bug #1996267 reported by Erlenmayr
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
chromium-browser (Ubuntu) | Confirmed | Undecided | Nathan Teodosio | |
Bug Description
In the Snap package of Chromium, Chromium is not protecting passwords with gnome-keyring (or KWallet).
As a result, copying the Chromium profile directory from the snap directory gives access to all stored passwords. This is a HIGH security risk. Regular users who are used to storing their passwords in browsers are probably unaware of this.
Note that Chromium is started with the command line option “--password-
The Chromium documentation states:
> --password-
https:/
tags: | added: snap |
summary: |
- Insecure passwort storage in Chromium (Snap) + [snap] Insecure password storage |
Changed in chromium-browser (Ubuntu): | |
status: | New → Confirmed |
summary: |
- [snap] Insecure password storage + [snap] Doesn't encrypt stored password unless password-manager-service + is connected |
summary: |
- [snap] Doesn't encrypt stored password unless password-manager-service - is connected + [snap] Doesn't encrypt stored passwords unless interface is connected |
summary: |
- [snap] Doesn't encrypt stored passwords unless interface is connected + [snap] Doesn't store encrypted passwords unless interface is connected |
tags: | added: password-storage |
Changed in chromium-browser (Ubuntu): | |
assignee: | nobody → Nathan Teodosio (nteodosio) |
Hello Erlenmayr, thanks for your report.
> In the Snap package of Chromium, Chromium is not protecting passwords
> with gnome-keyring (or KWallet).
You can connect the corresponding interface for that:
snap connect chromium:password-manager-service
> As a result, copying the Chromium profile directory from the snap
> directory gives access to all stored passwords.
Please note those passwords are not stored in the clear, though they can
be discovered by going into Chromium's Settings > Passwords.
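
A check for the condition this report describes, as an added example that is not part of the bug report or of the Chromium snap: it reads `snap connections` output and reports whether the password-manager-service plug has a slot attached. The function names `pms_state` and `check_snap` are hypothetical, the sample listings are constructed, and the parser assumes the usual four-column layout (Interface, Plug, Slot, Notes) in which an unconnected plug shows `-` as its slot.

```shell
#!/bin/sh
# Added example: audit whether a snap's password-manager-service plug is connected.

# pms_state: read `snap connections <snap>` output on stdin and print one of
#   connected     - the plug has a slot, so the keyring/wallet is reachable
#   disconnected  - the plug exists but no slot is attached (the case in this bug)
#   absent        - the snap declares no password-manager-service plug at all
pms_state() {
    awk '
        $1 == "password-manager-service" {
            found = 1
            # Column 3 is the slot; "-" means nothing is connected.
            if ($3 != "-") connected = 1
        }
        END {
            if (!found)         print "absent"
            else if (connected) print "connected"
            else                print "disconnected"
        }'
}

# check_snap: run the audit against an installed snap, e.g. `check_snap chromium`.
check_snap() {
    snap connections "$1" | pms_state
}

# Constructed sample listings (not captured from a real system).
SAMPLE_DISCONNECTED='Interface                 Plug                               Slot             Notes
audio-playback            chromium:audio-playback            :audio-playback  -
password-manager-service  chromium:password-manager-service  -                -
x11                       chromium:x11                       :x11             -'

SAMPLE_CONNECTED='Interface                 Plug                               Slot                       Notes
audio-playback            chromium:audio-playback            :audio-playback            -
password-manager-service  chromium:password-manager-service  :password-manager-service  manual
x11                       chromium:x11                       :x11                       -'

# Demonstrate both states on the constructed input.
printf 'before connect: %s\n' "$(printf '%s\n' "$SAMPLE_DISCONNECTED" | pms_state)"
printf 'after connect:  %s\n' "$(printf '%s\n' "$SAMPLE_CONNECTED" | pms_state)"
```

On a real machine, `check_snap chromium` printing `disconnected` corresponds to the state reported in this bug.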