seahorse-plugins caches passphrase
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
seahorse-plugins (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When I right click on a file to decrypt a second time, I get a window entitled: Authorize Passphrase Access.
This window claims my passphrase is cached in memory.
My choices are Cancel or Authorize.
Cancel asks for your passphrase in a text box.
Authorize uses the passphrase from cache.
I never requested that passphrases be cached.
This is a potential security vulnerability.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: seahorse-plugins 2.30.0-0ubuntu2
ProcVersionSign
Uname: Linux 2.6.32-41-generic i686
Architecture: i386
Date: Fri Apr 27 17:48:16 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: seahorse-plugins
In menu entry /System/ Preferences/ Encryption and Keyrings, the default is 'Remember passphrases for 100 minutes'.
This default should be changed to 'Never remember passphrases' as per attached screenshot.