[BZ] genome-keyring unnecessarily exposes all saved passwords

Solution In Progress - Updated -

Issue

Description of problem:
genome-keyring unnecessarily exposes all saved passwords without prompting for the users password prior to access.

Version-Release number of selected component (if applicable):
gnome-keyring-2.28.2-8.el6_3.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot into RHEL 6 gnome
2. Have previously saved passwords for webpages (in my case google chrome)
3. Click applications > passwords and encrypted keys
4. Click the dropdown menu passwords
5. Double click a saved URL
6. Click the arrow next to password
7. Click "show password"

Actual results:
Any encrypted password can be easily viewed and recorded.

Expected results:
Prompt the user for their login password to allow access to this information.

Additional info:
If a user leaves a session open, someone can easily follow this path and steal every saved password.

Environment

RHEL 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content