[Pidgin] #673: Keyring support for password storage
Pidgin
trac at pidgin.im
Mon Sep 17 19:23:56 EDT 2007
#673: Keyring support for password storage
---------------------------+------------------------------------------------
Reporter: shirish | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: pidgin (gtk) | Version: 2.0
Resolution: | Keywords:
Pending: 0 |
---------------------------+------------------------------------------------
Comment (by acornejo):
I believe it is very naive to set this bug with a "minor" priority. In a
lot of places (for example large corporations or universities) all your
home directory is exported using AFS/NFS or similar.
In any case, what this means is that any system admin can view your home
directory at will, since pidgin stores all its passwords in plain text,
now it also means that the system admins can read my (and every other
pidgin user) email without the users consent.
Please strongly reconsider upgrading this bug to critical. Even on single
user systems, anyone can insert a boot disk/cd to gain access to your home
directory without your password. Usually that means they can access all
your files, but at least they cannot retrieve your password. However if
the user happens to be a pidgin user, the intruder can gain all your
passwords (and usually at least one of your email accounts password
matches your desktop password).
Anyway, just my 5 cents.
--
Ticket URL: <http://developer.pidgin.im/ticket/673#comment:5>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list