View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000777 | Double Commander | Default | public | 2013-12-13 12:10 | 2022-02-17 09:25 |
| Reporter | mitzu | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Projection | none | ETA | none | ||
| Platform | ALL | OS | Linux & BSD | OS Version | Any |
| Product Version | 0.5.7 | Product Build | 5310; 2013/09/22 | ||
| Fixed in Version | 1.1.0 | ||||
| Summary | 0000777: Passwords saved as plain text and easily retrievable | ||||
| Description | During an authentication dialogue, passwords are entered in the "command line" entry box. They are therefore saved for the session. When DC is running on an unattended computer, one can easily open the commands history and retrieve the passwords (which are normally entered after an 'su' command). Moreover, if "Save command line history" is checked in 'Options/Configuration/Save on exit' (which is the default), the command line history is saved in-between the sessions in an unecrypted XML file. Again, any password entered can be easily retrieved. *** This ONLY happens when DC's terminal window is active/shown. When only the command line entry box is shown, the issue is NOT present. *** | ||||
| Steps To Reproduce | 0. Display the embedded terminal window by checking the 'Show terminal window' box in 'Options/Layout'. 1. enter 'sudo ps' in the command line entry box. 2. enter your password in the command lone when the system prompts you. The 'ps' command is executed. 3. Open command line history by clicking on the down arrow of the combo box. Your password appears as the last executed command (top of the list). 4. Exit Double Commander. If enabled, the command line history is saved. 5. Open ~/.config/doublecmd/history.xml 6. Your password in shown in the 'CommandLine' section of the file. | ||||
| Tags | No tags attached. | ||||
| Fixed in Revision | |||||
| Operating system | Linux, BSD | ||||
| Widgetset | GTK2, QT4 | ||||
| Architecture | 32-bit, 64-bit | ||||
