Password stored as a plain text #46

Open
sajonCC opened this issue Jan 30, 2024 · 1 comment

sajonCC commented Jan 30, 2024

Hi,

I've run into an issue with connecting to the VPN server. While trying to debug the problem, I found an issue with storing user credentials. While typing a password in the Settings pop-up, a warning is displayed in the konsole that the password is saved as plain text. Why?

```
WARNING:eovpn.settings_window.py:on_password_stored:Password saved as plain text!
```

Below is a debug log from the start of the app.

```
flatpak run com.github.jkotra.eovpn --debug 10
DEBUG:eovpn.eovpn_base.py:get_setting:dark-theme True
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:get_setting:layout card-h
DEBUG:eovpn.eovpn_base.py:get_setting:show-flag False
DEBUG:eovpn.eovpn_base.py:get_setting:layout card-h
DEBUG:eovpn.eovpn_base.py:get_setting:last-connected-cursor -1
DEBUG:eovpn.eovpn_base.py:get_setting:req-auth False
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = fl | v = 73f495
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = h | v = 104.16.123.96
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = ip | v = 178.43.8.85
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = ts | v = 1706601536.756
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = visit_scheme | v = http
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = uag | v = Python-urllib/3.10
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = colo | v = WAW
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = sliver | v = none
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = http | v = http/1.1
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = loc | v = PL
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = tls | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = sni | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = warp | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = gateway | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = rbi | v = off
DEBUG:eovpn.ip_lookup.lookup.py:cloudflare:Cloudflare: k = kex | v = none
DEBUG:eovpn.eovpn_base.py:get_setting:ca None
INFO:eovpn.connection_manager.py:connect:config path: b'/net/openvpn/v3/configuration/3f8f7caexbc57x4a79x9132x201ade71fea7'
INFO:eovpn.connection_manager.py:connect:session path: b'/net/openvpn/v3/sessions/10802cb3s6d6as4594s8785s1d6981ecf05f'
DEBUG:eovpn.backend.openvpn3.dbus.py:sub_callback:StatusMajor.CONNECTION(2) StatusMinor.CFG_REQUIRE_USER(4) Username/password credentials needed
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
ERROR:eovpn.main_window.py:on_connection_event:Username/password credentials needed
DEBUG:eovpn.eovpn_base.py:get_setting:notifications True
(eovpn:2): libnotify-WARNING **: 08:58:58.229: Running in confined mode, using Portal notifications. Some features and hints won't be supported
DEBUG:eovpn.eovpn_base.py:get_setting:remote /run/user/1000/doc/6b8a7bce/CC-VPN.zip
DEBUG:eovpn.eovpn_base.py:get_setting:req-auth False
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user None
DEBUG:eovpn.eovpn_base.py:get_setting:ca None
DEBUG:eovpn.eovpn_base.py:get_setting:notifications True
DEBUG:eovpn.eovpn_base.py:get_setting:show-flag False
DEBUG:eovpn.eovpn_base.py:get_setting:dark-theme True
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:get_setting:manager openvpn3
DEBUG:eovpn.eovpn_base.py:set_setting:req-auth true
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 's'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sa'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'saj'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sajo'
DEBUG:eovpn.eovpn_base.py:set_setting:auth-user 'sajon'
DEBUG:eovpn.eovpn_base.py:get_setting:auth-user sajon
DEBUG:eovpn.eovpn_base.py:set_setting:auth-pass '#'
WARNING:eovpn.settings_window.py:on_password_stored:Password saved as plain text!
```

I'm on Kubuntu 22.04. When trying your app in another Linux distro in a VM, all is working fine. What am I missing?

Thank you very much for your support.

Owner

jkotra commented Jan 30, 2024

```python
try:
    is_pwd_stored = Secret.password_store_finish(result)
    logger.debug(is_pwd_stored)
except Exception:
    # save as plain text
    self.set_setting(self.SETTING.AUTH_PASS, entry.get_text())
    logger.warning("Password saved as plain text!")
```

eOVPN uses the secrets library to store the password. If an exception is raised in this process, the application falls back to plain text. This was initially introduced as a workaround to support older LTS (currently EOL) editions of Ubuntu.

You have to investigate why the secrets API is not working as expected in your distribution.

There's a case to improve logging here: tell the user about the details of the exception. I will do that in the next release. Thanks.

jkotra added a commit that referenced this issue Feb 3, 2024
possibly explains why we store password as plain text (#46)
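
A fail-closed variant of the fallback discussed in this thread, as an added example that is not eOVPN's code: the keyring error is logged with its details, plain-text storage happens only on explicit opt-in, and the `auth-pass` value is kept out of debug output. `Settings`, `store_password`, `loggable`, `keyring_store` and `allow_plaintext` are hypothetical names; `keyring_store` stands in for the `Secret.password_store_finish` step so the block runs without a desktop session.

```python
import logging

logger = logging.getLogger("example.credentials")
SENSITIVE_KEYS = {"auth-pass"}  # key name as seen in the issue's debug log


def loggable(key, value):
    """Render a setting for log output without exposing secret values."""
    return "<redacted>" if key in SENSITIVE_KEYS else repr(value)


class Settings:
    """Constructed stand-in for the app's plain key/value settings store."""

    def __init__(self):
        self.values = {}

    def set_setting(self, key, value):
        logger.debug("set_setting:%s %s", key, loggable(key, value))
        self.values[key] = value


def store_password(password, keyring_store, settings, allow_plaintext=False):
    """Store in the keyring; plain text only on explicit opt-in.

    keyring_store is a hypothetical callable that raises on failure.
    """
    try:
        keyring_store(password)
    except Exception as exc:
        # Say why the keyring failed so the user can fix the environment.
        logger.warning("Keyring unavailable (%s: %s)", type(exc).__name__, exc)
        if not allow_plaintext:
            return "not-stored"  # fail closed: nothing is written to settings
        settings.set_setting("auth-pass", password)
        logger.warning("Password saved as plain text!")
        return "plaintext"
    # Success: drop any plain-text copy left by an earlier fallback.
    settings.values.pop("auth-pass", None)
    return "keyring"


def broken_keyring(_password):
    """Constructed failure standing in for an unreachable secret service."""
    raise RuntimeError("secret service not reachable")


def working_keyring(_password):  # constructed success case
    return True
```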