Perhaps you forgot your WiFi password? Perhaps you social engineered someone to connect to their wifi on your laptop? Perhaps you just wish to know?

As remarkable as it is, Ubuntu’s Network Manager stores passwords in a plain text file. The ONLY security which is wrapped around this file is that in order to read it’s contents you must have root permissions.

Ubuntu has known about this issue at least since 2012 and true to the mantra “it’s a feature, not a bug” closed this concern out as being designed that way.

Marc Deslauriers, Ubuntu Security Engineer, responded to the above concern as such:

“This is by design. The passwords are stored in files which have appropriate permissions, and the system must be able to retrieve them to transmit to wireless networks. Obfuscating the passwords in those files in a recoverable way would not improve security.”

Though Deslauriers logic and assertion is accurate it does not seem to involve thinking beyond “stage one.” The fact is if someone compromises a machine and gains root access then potentially ANY private wifi networks that machine has saved are now compromised. Perhaps the machine was not the target of the attack. Though an attacker was able to gather intel that this machine had been connected to a private wifi network that is the subject of an attack. If the attacker can gain root access to the third party machine and the wifi connection is saved; the attacker now has access to their intended target.

Furthermore, “appropriate permissions” are essential but as anyone who knows just a little about information security will understand is that permissions can be compromised, bypassed, or otherwise defeated.

Of course if you have access to the desktop environment you could just view the wifi settings and click Security>”Show Password”. However, maybe you have set up a reverse shell and do not have GUI access. Here is how to do it from the command line.

Getting the Info:

First lets list the avialable connections (NO ROOT  ACCESS NEEDED):
ls /etc/NetworkManager/system-connections/

To view the settings of a connection (where <wifi name> if the name of the file of the connection you wish to interrogate):

sudo cat /etc/NetworkManager/system-connections/<wifi name>

 

Look for the block of text:
[wifi-security]
group=
key-mgmt=wpa-psk
pairwise=
proto=
psk=supersecretypassword

 

Having the GUI be able to show cleartext passwords is not ideal. However if the password was shown from an encrypted state and then removed from memory when no longer needed that would be more secure than just storing the plain text password in a file. What would be more ideal is a common wifi network manager setting that would allow a user to disable the ability to even show the passwords in plain text… and of course storing the passwords in an encrypted state.