connmanctl has tethering password in cleartext
asked 2018-03-18 14:56:17 +0300
Steps to repro:
1) enable tethering (set password)
2) open terminal
3) run connmanctl technologies | grep Pass
4) password set for tethering is in the result list
im sorry but it does matter.
As mentioned, if a secure phone starts with the assumption having cleartext passwords displayed on screen (without prior intention to do so by the user, which is the case in the scenario you mention) is privacy, its growing from the wrong bases. Security is an attitude, not a feature.
tortoisedoc ( 2018-03-19 13:54:44 +0300 )editbut to do that you would need ssh access witch not only means that you already have the ssh password witch doubles as a root password so you would be able to do pretty much whatever you please at that point but also would it mean that you don't fucking need a hotspot anymore.
Stedephys ( 2018-03-19 14:27:16 +0300 )edit@Stedephys not really; any application can execute as nemo a shell script which will return the password in clear text; so you do not really need ssh, you need an application (installed from openrepos?) and bang you are in.
tortoisedoc ( 2018-03-19 14:39:59 +0300 )edit
@Edz : you were in terminal already, so why the need for another one?
tortoisedoc ( 2018-03-18 18:09:53 +0300 )editWhat's the bug? Unless the password is stored in cleartext you wouldn't be able to reveal it when you wan't to see what to type in the station you're connecting to the hotspot.
luen ( 2018-03-18 18:51:09 +0300 )edit@luen say w0t?
tortoisedoc ( 2018-03-18 18:55:09 +0300 )edit@tortoisedoc How would you like to have it stored?
luen ( 2018-03-18 18:59:03 +0300 )edit@luen Please note that im complaining about connman having the password in cleartext (read: how it's displayed) not how it's stored.
tortoisedoc ( 2018-03-18 19:07:41 +0300 )edit