Bug 266139 - Kwallet can be accessed with two different passwords
Status: RESOLVED FIXED
Alias: None
Product: kwalletmanager
Classification: Applications
Component: general
Version: unspecified
Platform: openSUSE Linux
Importance: NOR major
Target Milestone: ---
Assignee: Valentin Rusu
Reported: 2011-02-12 15:26 UTC by Georg
Modified: 2021-03-18 21:43 UTC

Description Georg 2011-02-12 15:26:21 UTC
Version:           unspecified (using KDE 4.4.4) 
OS:                Linux

If a Kwallet is encrypted with a password of 32 characters which is built by repetition of a 16-character string, then it's possible to open the wallet with half of the password.



Reproducible: Always

Steps to Reproduce:
Create a wallet with a password of 32 characters, e.g. "12345678901234561234567890123456", built by repetition of a 16-character string.

Actual Results:  
You can open the wallet with the first 16 characters as well. In this example with "1234567890123456".


Expected Results:  
Kwallet should be accessed by only one unique password.

Comment 1 Samuel Brack 2011-02-13 21:47:51 UTC
I can confirm this using KWallet 1.7 in KDE 4.6, changing severity to major. Seems to be a security issue.
Comment 2 Justin Zobel 2021-03-10 00:32:33 UTC
Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.
Comment 3 Georg 2021-03-18 21:43:35 UTC
The problem disappeared