Cyberduck Mountain Duck CLI

#2878 closed defect (fixed)

Password in non-default keychain are copied to login keychain

Reported by: anonymous Owned by: dkocher
Priority: normal Milestone: 3.3.1
Component: core Version: 3.1.2
Severity: normal Keywords: keychain password
Cc: Architecture:
Platform:

Description

Passwords already registered in a keychain different from ~/Library/Keychains/login.keychain will be read and copied to ~/Library/Keychains/login.keychain (which defeats the whole point of storing them in a different keychain)

The code to read passwords in keychains different from ~/Library/Keychains/login.keychain was included r4428 in 3.1, in order to fix issue #2001

I only checked this using FTP.

Change History (10)

comment:1 Changed on Jan 12, 2009 at 9:24:39 AM by dkocher

  • Milestone set to 3.1.2
  • Status changed from new to assigned

comment:2 Changed on Jan 12, 2009 at 9:54:27 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r4467.

comment:3 Changed on Jan 12, 2009 at 9:54:39 PM by dkocher

  • Component changed from ftp to core

comment:4 Changed on Feb 2, 2009 at 3:36:54 PM by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened
  • Version changed from 3.1.1 to 3.1.2

the issue still exists in 3.1.2. if you log into a ftp-account with password saved in a non-default keychain, login is ok. as soon as you download a file (with open new connection instead of use browser connection) cyberduck tries to save the password in the default keychain again.

comment:5 Changed on Mar 20, 2009 at 3:10:23 PM by dkocher

  • Milestone changed from 3.1.2 to 3.2

#3057 closed as duplicate.

comment:6 Changed on Apr 13, 2009 at 2:31:27 PM by dkocher

  • Milestone changed from 3.2 to 3.3

Milestone 3.2 deleted

comment:7 follow-up: Changed on Nov 26, 2009 at 10:23:50 AM by chocolate.camera@…

The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely. Added to unusable SFTP (#185) make one wonder why Cyberduck has a serious lack of priority for security.

Are things like S3 or Rackspace support really more requested than solid SSH and Keychain support?

comment:8 in reply to: ↑ 7 Changed on Nov 27, 2009 at 2:55:40 PM by dkocher

  • Milestone changed from 3.5 to 3.4
  • Resolution set to fixed
  • Status changed from reopened to closed

Replying to chocolate.camera@…:

The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely.

In r5590.

comment:9 Changed on Jan 13, 2010 at 3:48:57 PM by dkocher

  • Summary changed from Password in non-default keychain are copied to default one to Password in non-default keychain are copied to login keychain

comment:10 Changed on Jan 16, 2010 at 1:35:51 PM by dkocher

#3336 closed as duplicate.

Note: See TracTickets for help on using tickets.
swiss made software