seahorse-plugins caches passphrase

Bug #990132 reported by peterzay
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
seahorse-plugins (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

When I right click on a file to decrypt a second time, I get a window entitled: Authorize Passphrase Access.

This window claims my passphrase is cached in memory.

My choices are Cancel or Authorize.

Cancel asks for your passphrase in a text box.
Authorize uses the passphrase from cache.

I never requested that passphrases be cached.

This is a potential security vulnerability.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: seahorse-plugins 2.30.0-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-41.88-generic 2.6.32.59+drm33.24
Uname: Linux 2.6.32-41-generic i686
Architecture: i386
Date: Fri Apr 27 17:48:16 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: seahorse-plugins

Revision history for this message
peterzay (peterzay) wrote :
Revision history for this message
peterzay (peterzay) wrote :

In menu entry /System/Preferences/Encryption and Keyrings, the default is 'Remember passphrases for 100 minutes'.

This default should be changed to 'Never remember passphrases' as per attached screenshot.

Revision history for this message
dino99 (9d9) wrote :

That version is no more supported; and no expecting backport as it only concern 'security' problem.

Changed in seahorse-plugins (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.