| Summary: | Security/Vulnerability hole in Online Accounts > Google Web Authentication | ||
|---|---|---|---|
| Product: | [Applications] systemsettings | Reporter: | wyattbiker |
| Component: | general | Assignee: | Plasma Bugs List <plasma-bugs-null> |
| Status: | RESOLVED DOWNSTREAM | ||
| Severity: | grave | ||
| Priority: | NOR | ||
| Version First Reported In: | 5.27.12 | ||
| Target Milestone: | --- | ||
| Platform: | Kubuntu | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | Shows possible vulnerability of entering google email/password into app | ||
Thank you for the bug report! However Plasma 5.27.12 no longer receives updates or maintenance from KDE; active versions are 6.4 or newer. Please upgrade to an active version as soon as your distribution makes it available to you. Plasma is a fast-moving project, and bugs in one version are often fixed in the next one. If you need help with Plasma 5.27.12, please contact your distribution, who bears the responsibility of providing help for older releases that are no longer receiving updates from KDE. If you can reproduce the issue after upgrading to an active version, feel free to re-open this bug report. |
Created attachment 185109 [details] Shows possible vulnerability of entering google email/password into app SUMMARY I want to add Google Drive and when I goto Settings > Online Accounts and choose Google I am presented with an entry screen to enter my email and password. This screen does not show a URL or any indication it is a browser based screen served by Google. I refuse to use it, because I would be exposing myself to a KDE app providing my email and password which could in theory be sent to a 3rd party. I need the ability to know this a screen generated by google through my default browser, in my case it is Chrome. STEPS TO REPRODUCE 1. Settings 2. Online Accounts 3. Google (Web authentication) OBSERVED RESULT Asks for emai and password EXPECTED RESULT Should open the default browser so that the URL and page source can be observed. Should allow logging in using the google browser security manager. SOFTWARE/OS VERSIONS Operating System: Kubuntu 24.04 KDE Plasma Version: 5.27.12 KDE Frameworks Version: 5.115.0 Qt Version: 5.15.13 Kernel Version: 6.8.0-83-generic (64-bit)