Bug 435430

Summary: Password input field may jump to other item if the networks list rearranges while typing password
Product: [Plasma] plasma-nm Reporter: Oleksandr Popel <adamantgarth>
Component: appletAssignee: Jan Grulich <jgrulich>
Status: RESOLVED DUPLICATE    
Severity: critical CC: foxlet, jgrulich, marcin, nate
Priority: VHI Keywords: regression
Version: 5.21.4   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: https://invent.kde.org/plasma/plasma-nm/commit/64dc6234b6980172bb53084c16a0e4e693d6011a Version Fixed In: 5.21.5

Description Oleksandr Popel 2021-04-06 17:08:59 UTC 
SUMMARY

When you type a WiFi password, sometimes the list of networks can rearrange while you're typing and the input field will "attach" to a different element in the network list.

For example, lets say we have three networks with unstable levels of signal: Foo, Bar and Baz. The bug may then present itself like this:

Networks > Networks > Networks
-------- > -------- > --------
Foo      > Foo      > Bar
Bar      > [secret] > [secret]
Baz      > Bar      > Foo
         > Baz      > Baz

Square brackets represent text input field and arrows represent state change (entering the password and networks rearranging).

STEPS TO REPRODUCE
1. Press "Connect" button on one of the networks (preferably with similar signal quality to some other network).
2. Write something into the field.
3. Wait until the signal levels change and another network replaces the one you initially selected, with its password input field being active and what you entered previously - in it.

OBSERVED RESULT
Password is being entered for another network

EXPECTED RESULT
Either for the network not to change its position at all (while typing), or at least input field staying connected to the network, not its initial position.

SOFTWARE/OS VERSIONS
Linux distro: Arch Linux
KDE Plasma Version: 5.21.4
KDE Frameworks Version: 5.80.0
Qt Version: 5.15.2
Comment 1 Nate Graham 2021-04-07 15:03:28 UTC 
OMG can reproduce! I can anticipate it becoming a "throw the computer out the window" level of frustration...
Comment 2 Nate Graham 2021-04-07 16:12:36 UTC 
Marking as critical since this can cause your wifi password to silently get to sent to the router of a different network controlled by someone else (possibly malicious).
Comment 3 Jan Grulich 2021-04-08 09:12:38 UTC 
(In reply to Nate Graham from comment #2)
> Marking as critical since this can cause your wifi password to silently get
> to sent to the router of a different network controlled by someone else
> (possibly malicious).

I'm working on a fix, I seem to find one. I just need to test it properly.
Comment 4 Bug Janitor Service 2021-04-08 10:19:50 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-nm/-/merge_requests/55
Comment 5 Oleksandr Popel 2021-04-08 10:36:09 UTC 
(In reply to Nate Graham from comment #2)
> Marking as critical since this can cause your wifi password to silently get
> to sent to the router of a different network controlled by someone else
> (possibly malicious).

AFAIK, only password's hash gets transmitted, so it wouldn't be any different than sending the password to your own router, since most of WiFi-capable devices can intercept the handshake. You don't need an evil router :)

So it's not that critical in terms of security. Maybe only if the network that gets selected is an open one - then if you didn't pay attention you might be sending private data on a public network. But I don't know how networkmanager would react to you providing a password for an open network - maybe that's an error.
Comment 6 Jan Grulich 2021-04-12 05:49:25 UTC 
Git commit d7846ecc8b01178a4a1eea34c616ca3ad75fc2e5 by Jan Grulich.
Committed on 12/04/2021 at 05:48.
Pushed by grulich into branch 'master'.

Applet: delay model updates on expanded password field

This should prevent random jumps between different connections while user
is typing password to the password field

M  +8    -9    applet/contents/ui/ConnectionItem.qml
M  +69   -44   libs/models/networkmodel.cpp
M  +17   -1    libs/models/networkmodel.h

https://invent.kde.org/plasma/plasma-nm/commit/d7846ecc8b01178a4a1eea34c616ca3ad75fc2e5
Comment 7 Jan Grulich 2021-04-12 05:50:29 UTC 
Git commit 64dc6234b6980172bb53084c16a0e4e693d6011a by Jan Grulich.
Committed on 12/04/2021 at 05:50.
Pushed by grulich into branch 'Plasma/5.21'.

Applet: delay model updates on expanded password field

This should prevent random jumps between different connections while user
is typing password to the password field

M  +8    -9    applet/contents/ui/ConnectionItem.qml
M  +69   -44   libs/models/networkmodel.cpp
M  +17   -1    libs/models/networkmodel.h

https://invent.kde.org/plasma/plasma-nm/commit/64dc6234b6980172bb53084c16a0e4e693d6011a
Comment 8 Nicolas Fella 2021-09-20 21:39:43 UTC 
*** Bug 442749 has been marked as a duplicate of this bug. ***
Comment 9 foxlet 2022-07-15 17:56:05 UTC 
This issue still occurs on KDE Plasma 5.23.5 under SteamOS.
Comment 10 Nate Graham 2022-07-15 18:49:05 UTC 
Yeah, it's still an issue. Duping to Bug 389052 which is the baster bug report tracking it.

*** This bug has been marked as a duplicate of bug 389052 ***