Cyberduck
Mountain Duck
CLI#2878 closed defect (fixed)
Password in non-default keychain are copied to login keychain
| Reported by: | anonymous | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.3.1 |
| Component: | core | Version: | 3.1.2 |
| Severity: | normal | Keywords: | keychain password |
| Cc: | Architecture: | ||
| Platform: |
Description
Passwords already registered in a keychain different from ~/Library/Keychains/login.keychain will be read and copied to ~/Library/Keychains/login.keychain (which defeats the whole point of storing them in a different keychain)
The code to read passwords in keychains different from ~/Library/Keychains/login.keychain was included r4428 in 3.1, in order to fix issue #2001
I only checked this using FTP.
Change History (10)
comment:1 Changed 9 years ago by dkocher
- Milestone set to 3.1.2
- Status changed from new to assigned
comment:2 Changed 9 years ago by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed 9 years ago by dkocher
- Component changed from ftp to core
comment:4 Changed 9 years ago by anonymous
- Resolution fixed deleted
- Status changed from closed to reopened
- Version changed from 3.1.1 to 3.1.2
the issue still exists in 3.1.2. if you log into a ftp-account with password saved in a non-default keychain, login is ok. as soon as you download a file (with open new connection instead of use browser connection) cyberduck tries to save the password in the default keychain again.
comment:5 Changed 9 years ago by dkocher
- Milestone changed from 3.1.2 to 3.2
#3057 closed as duplicate.
comment:7 follow-up: ↓ 8 Changed 9 years ago by chocolate.camera@…
The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely. Added to unusable SFTP (#185) make one wonder why Cyberduck has a serious lack of priority for security.
Are things like S3 or Rackspace support really more requested than solid SSH and Keychain support?
comment:8 in reply to: ↑ 7 Changed 9 years ago by dkocher
- Milestone changed from 3.5 to 3.4
- Resolution set to fixed
- Status changed from reopened to closed
Replying to chocolate.camera@…:
The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely.
In r5590.
comment:9 Changed 8 years ago by dkocher
- Summary changed from Password in non-default keychain are copied to default one to Password in non-default keychain are copied to login keychain
comment:10 Changed 8 years ago by dkocher
#3336 closed as duplicate.
In r4467.