[BZ] genome-keyring unnecessarily exposes all saved passwords
Issue
Description of problem:
genome-keyring unnecessarily exposes all saved passwords without prompting for the users password prior to access.
Version-Release number of selected component (if applicable):
gnome-keyring-2.28.2-8.el6_3.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Boot into RHEL 6 gnome
2. Have previously saved passwords for webpages (in my case google chrome)
3. Click applications > passwords and encrypted keys
4. Click the dropdown menu passwords
5. Double click a saved URL
6. Click the arrow next to password
7. Click "show password"
Actual results:
Any encrypted password can be easily viewed and recorded.
Expected results:
Prompt the user for their login password to allow access to this information.
Additional info:
If a user leaves a session open, someone can easily follow this path and steal every saved password.
Environment
RHEL 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.