[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#497046: kwalletmanager: Insecure auto closing of wallet

Package: kwalletmanager
Version: 4:3.5.9-2
Severity: normal

The kwalletmanager automatically closes the wallet after it hasn't been
used for a while. This greatly improves the security of the wallet.
However, when the wallet is closed while some password was still
readable in the wallet, kwalletmanager places a popup over the open
wallet. It's easy to drag this popup away and read all information in
the currently open wallet. 

If this doesn't make sense, please drop me an e-mail and I'll send you a
screenshot clearly illustrating the issue.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kwalletmanager depends on:
ii  kdelibs4c2a             4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii  libc6                   2.7-13           GNU C Library: Shared libraries
ii  libgcc1                 1:4.3.1-2        GCC support library
ii  libqt3-mt               3:3.3.8b-5       Qt GUI Library (Threaded runtime v
ii  libstdc++6              4.3.1-2          The GNU Standard C++ Library v3

kwalletmanager recommends no packages.

Versions of packages kwalletmanager suggests:
ii  khelpcente 4:4.0.0.really.3.5.9.dfsg.1-5 help center for KDE

-- no debconf information
Reply to: