Mailinglist Archive: opensuse-bugs (6258 mails)

[bugzilla_noreply@xxxxxxxxxx]

http://bugzilla.novell.com/show_bug.cgi?id=559515

http://bugzilla.novell.com/show_bug.cgi?id=559515#c0


           Summary: osc stores password in clear text in file .oscrc
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.2
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Development
        AssignedTo: pth@xxxxxxxxxx
        ReportedBy: poletti.marco@xxxxxxxxx
         QAContact: qa@xxxxxxx
          Found By: ---
           Blocker: ---


User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.5)
Gecko/20091103 SUSE/3.5.5-1.1.2 Firefox/3.5.5 GTB6

The "osc" command-line client stores the user password in clear text in the
file ~/.oscrc. This should not happen, maybe it could store only a hash of the
password or use KDE or GNOME keyrings.

In the file .oscrc, the GNOME keyring seems somehow supported, but KDE doesn't.

In any case, storing it in clear text is not a viable option.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.