Bug 120512 - Require password before showing password content
Summary: Require password before showing password content
Status: RESOLVED INTENTIONAL
Alias: None
Product: kwalletmanager
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR wishlist (vote)
Target Milestone: ---
Assignee: George Staikos
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-20 16:38 UTC by Carsten Schlipf
Modified: 2007-07-14 18:39 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Schlipf 2006-01-20 16:38:12 UTC
Version:           1.1 (using KDE 3.5.0 Level "a" , SUSE 10.0 UNSUPPORTED)
Compiler:          Target: i586-suse-linux
OS:                Linux (i686) release 2.6.13-15.7-default

Even if the KWallet is opened (as it is often with applications in the background like kopete or kmail) it should not be possible to show the content of the passwort without entering the password once again, before showing it. As it is currently, any body can see the content of a password, while the wallet is opened without the knowledge of the KWallet passwort.

Even encrypted passwords in config files are more secure compared to this.
Comment 1 George Staikos 2006-01-21 01:07:18 UTC
You want to have one password for each password?  That makes no sense, and can't be implemented otherwise.  KWallet is not designed for this behaviour and it is not a goal.
Comment 2 Carsten Schlipf 2006-01-21 14:31:31 UTC
No, of course not... But I would like KWallet to ask for the wallet password once again like it does, when you open it if other applications wants to access the password, before the content is shown.

And that even if KWallet is already open.

If a password is saved encrypted in a Config file, you can't read the real password and try it for other applications of the user. But KWallet allows this, if it is open and it is open most of the time since a lot of applications access it.
Comment 3 Thiago Macieira 2006-01-21 19:38:19 UTC
KWallet, by default, asks if you want to allow one application to get data from the wallet. You must have told it to allow always. Use KWalletManager to change that policy, so that you can click on "Allow Once" before any password is entered.

Another idea is to close the wallet very quickly.
Comment 4 Carsten Schlipf 2006-01-21 23:01:42 UTC
Yes, but I consider this as a workaround and still don't understand why kwallet does not check the wallet password once again, before it displays the clear-text content of a password.
Comment 5 George Staikos 2006-01-21 23:14:12 UTC
  Because you gain no security.  You could just get the plaintext with a dcop 
call instead.
Comment 6 Carsten Schlipf 2006-01-23 09:36:30 UTC
OK, I wasn't aware of the dcop call.

However for me it means that I will stop using KWallet. E.g. for accessing my exchange email I have to store my domain password and I don't have to tell you what happens, if someone knows it ;-)
Comment 7 Thiago Macieira 2006-01-24 18:37:42 UTC
Have you tried accessing the password using DCOP? You'll get a window asking if you want to give that application access to the wallet.

It's the same issue as before: if you don't trust ALL applications to get access to your wallet, then you shouldn't have clicked on Allow Always button. It's that simple.
Comment 8 Marco Costantini 2007-07-14 16:42:21 UTC
Consider the following scenario: an user has wallet open (this is normal, as used by kmail). 
The user get distracted for a moment, and leaves the PC unlocked, and the wallet open (once in a while it may happen, even if the user is usually careful).
Then everyone that comes thereby can read or change the usernames and passwords, very quickly, without installing or modifying anything, and without any technical knowledge, and can quickly delete any evidence simply closing one window, when the legitimate user is coming back.

Hence my proposal is that kwalletmanager asks again the same password that is used to open a wallet before allowing to change a wallet's master password, or showing the clear text content, or allowing the user to modify it.

This would be similar to login. After having provided the username and password, the user is allowed to do everything, except to change the password. In order to change the password, the user is user is required to provide the password again.

Of course, if kwalletmanager asks again the password, this doesn't prevent more complex attacks, but is very effective against the naive ones.


(Note that this bug may be related to bugs 115011 and 80063.)
Comment 9 Carsten Schlipf 2007-07-14 18:32:40 UTC
What Marco described is exactly what I considered what should be normal behavior of KWalletManager
Comment 10 Carsten Schlipf 2007-07-14 18:39:45 UTC
BTW: The password manager of Firefox does exactly that: It asks for the master password again just before displaying the cleartext password. If there is a need for a DCOP call, the DCOP call should always ask for the password, although this will limit that use for scenarios, where a user is logged in. Otherwise we have a security issue that prevents me from using KWallet.