Version: unspecified (using KDE 4.4.4) OS: Linux If a Kwallet is encrypted with a password of 32 characters which is build by repetition of a 16 characters string. Then it's possible to open the wallet with the half password. Reproducible: Always Steps to Reproduce: Create a wallet with a password of 32 characters e.g. "12345678901234561234567890123456" build by repetition of a 16 characters string. Actual Results: You can open the wallet with the first 16 characters as well. In this example with "1234567890123456". Expected Results: Kwallet should be accessed by only one unique password. none
I can confirm this using KWallet 1.7 in KDE 4.6, changing severity to major. Seems to be a security issue.
Thank you for the bug report. As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists. If this bug is no longer persisting or relevant please change the status to resolved.
The problem disappeared