Security issue with WIFI being displayed

[compir]

Using Debian 12 Amd 64 with XFCE the network manager applet 1.30.0 displays the WIFI password on a terminal screen without asking for a password. This should be secured from any user opening up the terminal and viewing the WIFI password. Can this be done on Debian 12 ?

debian wifi displayed.png (10.54 KiB) Viewed 42001 times

[lindi]

The screenshot is empty?

[compir]

[CwF]

There is no issue.

[compir]

Can I force the requirement of the Root password before allowing anyone who has ccess to the workstation to view the WIFI password?

[CwF]

I don't think so without restricting the user to a kiosk type desktop.

[Aki]

Moved from "System and Network configuration" to "Graphical Environments and Desktop" sub-forum.

[lindi]

In Debian 12 the Wi-Fi password is stored in a file that only the root user can read. However, the NetworkManager service offers an API for operating on network settings. This API requires authorization. The opration "org.freedesktop.NetworkManager.settings.modify.system" by default can only be done if you are on the local system (so does not work over SSH), your session is active (so screen is not locked etc.) and you are in the group "sudo" or "netdev". Do you meet these requirements? By default the first user is at least part of "netdev" but subsequent users are not.

[admiincomp]

I do not see the API requiring authorization through the network manager app?

If you compare other O.S. such as windows or apple no access to the WIFI can be made without a password, otherwise any user can access the local machines WIFI information

[CwF]

I do not see the API requiring authorization through the network manager app?

generally polkit

If you compare other O.S. such as windows or apple no access to the WIFI can be made without a password,...

not in my experience

..., otherwise any user can access the local machines WIFI information

usually.

How about you just don't let them use your computer.

[admiincomp]

That is the only option. You cannot let anyone use the computer if you do not trust them with accessing the WIFI information.

[lindi]

If you compare other O.S. such as windows or apple no access to the WIFI can be made without a password, otherwise any user can access the local machines WIFI information

If I create a guest user on my Debian 12 system, they cannot access the wifi password. Here's a screencast that shows it:

https://lindi.iki.fi/lindi/screencast/d ... sword.webm

[admiincomp]

You should not have to create a guest. This issue does not exist on windows or Apple.

[lindi]

You should not have to create a guest. This issue does not exist on windows or Apple.

What issue? Debian lets you configure if a user can configure network or not. By default the first user created can configure the network as that's what most people want but you can change that.

[bbbhltz]

You should not have to create a guest. This issue does not exist on windows or Apple.

Linux systems are meant to be used by different users and administrators or superusers. I think that might be the reasoning. I wouldn't let anyone except my partner or (maybe) my son use my personal session on a computer. Get he WiFi password? That's nothing. Imagine if you use Chromium as a password manager. Somewhere in

~/.local/

or

~/.config/

is a file with many passwords in it.

It does appear that this is a design/UI/UX decision, though, and other DE's also show the password. So you cannot be the first to mention it and a quick DDG search turns up 7-year-old discussions on other Q&A forums talking about obfuscating the password with a hash, which would only slow someone down.

Also, on Windows I have on more than one occasion "extracted" the WiFi password using tools that can be found through search engines. This was about 10 years ago, to perhaps Windows got wise. I don't know a thing about Apple, except 1) my students love them and 2) my students don't know how to use them.

[lindi]

You should not have to create a guest. This issue does not exist on windows or Apple.

It does appear that this is a design/UI/UX decision, though, and other DE's also show the password. So you cannot be the first to mention it and a quick DDG search turns up 7-year-old discussions on other Q&A forums talking about obfuscating the password with a hash, which would only slow someone down.

This is not a UI issue. The password is stored outside users's home directory and there is an API to query that password. The API requires authorization. By default the first user is authorized to access that but if you create more users those are not. I don't see why you would hash a wifi password either, how would you then use it to authenticate to a wifi access point?

[steve_v]

If I create a guest user on my Debian 12 system, they cannot access the wifi password.

If you create a guest user, by default they do not have permission to modify system network connections. That is not the same as viewing stored wireless keys.
Said permissions are generally policykit rules, e.g.

Code: Select all

$ cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules 
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
        subject.isInGroup("plugdev") && subject.active) {
        return "yes";
    }
});

I don't see why you would hash a wifi password either, how would you then use it to authenticate to a wifi access point?

You can't hash it, because wpa-supplicant needs the plaintext key to authenticate to the AP. You can encrypt it at the widget / manager / GUI level though, (then pass the decrypted string to NM over dbus) and details on the various ways to do that can be found in the usual place.
Otherwise keys are stored in plaintext in /etc/, and can be viewed by anyone with the appropriate filesystem permissions or IPC policy, same as any other OS.

[arzgi]

You can't hash it, because wpa-supplicant needs the plaintext key to authenticate to the AP.

Wrong, it can be clear text, but when I used wpa-supplicant , I used wpa_passphrase (in the same pacakge) to crypt the wifi-passphrase. And wpa_supplicant.conf had to only root readable, if I remember right.

[admiincomp]

The solution has to be forcing the administrator password before allowing access to any WIFI security information.

[CwF]

The solution has to be forcing the administrator password before allowing access to any WIFI security information.

Not on MY user will there be a forced password,,,
This is why you create, need to create, are forced to create a Guest User
There is no OS that hides the password from the empowered (root, admin, administrator, god, super user, power user, me, etc) user. PERIOD

viewtopic.php?p=788094#p788094