Bug 140275

Summary: changing login form must clear password entry
Product: [Applications] konqueror Reporter: Martin Zbořil <martin.zboril>
Component: khtml formsAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED REMIND    
Severity: normal CC: grundleborg
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:

Description Martin Zbořil 2007-01-19 03:27:34 UTC 
Version:           3.5.5 (using KDE 3.5.5, compiled sources)
Compiler:          Target: i586-mandriva-linux-gnu
OS:                Linux (i686) release 2.6.17-9mdv

some pages allows to show an information about unsuccessfull login like ip, time, and password - its a rather stupid approach, but in still in use on some discussion servers.
when the login and password are filled into a forms from kwallet, there is an easy way to get these password just by changing login part, because the password form will be left filled with saved data but different login, which can lead to exposing the password.
Comment 1 Martin Zbořil 2007-06-08 23:59:14 UTC 
argh! say something! i am tired of changing my password everytime after some of my friends abuses my internet connectivity
Comment 2 Michael Leupold 2008-04-20 14:35:41 UTC 
I'm sorry, but I can't actually see where the bug is here. While you are authorized in kwallet anyone can just fire-up kwalletmanager and read the password verbatim. If you still think this is a bug, please be more specific.
Comment 3 George Goldberg 2008-04-21 10:18:27 UTC 
Please reopen this bug if you can provide more specific details about exactly what  the problem is here, and how we can reproduce it.