https://bugs.kde.org/show_bug.cgi?id=448653

            Bug ID: 448653
           Summary: KWallet Password dialog window should be a modal
                    window forced to front and with forced focus but it is
                    not, so other windows can grab focus while typing the
                    password
           Product: kwalletmanager
           Version: 21.12.1
          Platform: openSUSE RPMs
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: va...@kde.org
          Reporter: mail+...@branleb.de
  Target Milestone: ---

When KWallet access is required by an Application (e.g. after login), the
password dialogue is not a modal dialog (meaning the window is not necessarily
forcibly displayed on top of all other windows (see also Bug #436531) and the
input focus can switch to other windows without an active user interaction).

This leads to a situation where other applications can grab the input focus
while typing a password.
Especially during startup/after login this can happen - and should never happen
because it's an information security breach.

gnome keyring manager gets that and therefore works as expected. kwallet should
too.

STEPS TO REPRODUCE
1. Start KWallet Service
2. Start some Application which requires wallet access
3. Have some other Application opening a new window while typing the password

OBSERVED RESULT
KWallet Password dialogue loses focus, typing goes to other application ->
information breach

EXPECTED RESULT
Input Focus stays on KWallet dialogue, password gets typed in completely, no
information breach


SOFTWARE/OS VERSIONS
Windows: not tested
macOS: not tested
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.23.5
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
<code>
lsb_release -a
LSB Version:    n/a
Distributor ID: openSUSE
Description:    openSUSE Tumbleweed
Release:        20220103
Codename:       n/a
</code>
<code>
kwalletmanager5 --version
kwalletmanager5 21.12.1
</code>
