connmanctl has tethering password in cleartext
Steps to repro:
1) enable tethering (set password)
2) open terminal
3) run connmanctl technologies | grep Pass
4) password set for tethering is in the result list
We have moved to a new Sailfish OS Forum. Please start new discussions there.
Steps to repro:
1) enable tethering (set password)
2) open terminal
3) run connmanctl technologies | grep Pass
4) password set for tethering is in the result list
thing is, that doesn't even matter because if you go to settings->mobile hotspot and click on the abc symbol next to the password it shows it in clear text too.
im sorry but it does matter.
As mentioned, if a secure phone starts with the assumption having cleartext passwords displayed on screen (without prior intention to do so by the user, which is the case in the scenario you mention) is privacy, its growing from the wrong bases. Security is an attitude, not a feature.
tortoisedoc ( 2018-03-19 13:54:44 +0300 )editbut to do that you would need ssh access witch not only means that you already have the ssh password witch doubles as a root password so you would be able to do pretty much whatever you please at that point but also would it mean that you don't fucking need a hotspot anymore.
Stedephys ( 2018-03-19 14:27:16 +0300 )edit@Stedephys not really; any application can execute as nemo a shell script which will return the password in clear text; so you do not really need ssh, you need an application (installed from openrepos?) and bang you are in.
tortoisedoc ( 2018-03-19 14:39:59 +0300 )editThis thread is public, all members of Together.Jolla.Com can read this page.
Asked: 2018-03-18 14:56:17 +0300
Seen: 424 times
Last updated: Mar 19 '18
[Fixed in 1.0.3.8] Crash when linking contacts? [not relevant]
Time slider usage in video player of Gallery app causes the app to hang [duplicate]
QAudioOutput isn't integrated with system volume and libresource like QMediaPlayer
Bug: E-Mail synchronization does not work as configured [released]
Word prediction should be always turned off when entering passwords in Android apps [released]
Don't enforce focus to textfield [answered]
[Implemented in 1.0.3.8] Email: Honour Reply-To header [answered]
@Edz : you were in terminal already, so why the need for another one?
tortoisedoc ( 2018-03-18 18:09:53 +0300 )editWhat's the bug? Unless the password is stored in cleartext you wouldn't be able to reveal it when you wan't to see what to type in the station you're connecting to the hotspot.
luen ( 2018-03-18 18:51:09 +0300 )edit@luen say w0t?
tortoisedoc ( 2018-03-18 18:55:09 +0300 )edit@tortoisedoc How would you like to have it stored?
luen ( 2018-03-18 18:59:03 +0300 )edit@luen Please note that im complaining about connman having the password in cleartext (read: how it's displayed) not how it's stored.
tortoisedoc ( 2018-03-18 19:07:41 +0300 )edit