Bug#497046: kwalletmanager: Insecure auto closing of wallet
Package: kwalletmanager
Version: 4:3.5.9-2
Severity: normal
The kwalletmanager automatically closes the wallet after it hasn't been
used for a while. This greatly improves the security of the wallet.
However, when the wallet is closed while some password was still
readable in the wallet, kwalletmanager places a popup over the open
wallet. It's easy to drag this popup away and read all information in
the currently open wallet.
If this doesn't make sense, please drop me an e-mail and I'll send you a
screenshot clearly illustrating the issue.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages kwalletmanager depends on:
ii kdelibs4c2a 4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libgcc1 1:4.3.1-2 GCC support library
ii libqt3-mt 3:3.3.8b-5 Qt GUI Library (Threaded runtime v
ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3
kwalletmanager recommends no packages.
Versions of packages kwalletmanager suggests:
ii khelpcente 4:4.0.0.really.3.5.9.dfsg.1-5 help center for KDE
-- no debconf information
Reply to: