The uninvitedConnectionsPassword is written to ~/.kde/share/config/krfbrc in plaintext Reproducible: Always Steps to Reproduce: 1. In krfb, go to Settings -> Configure Desktop Sharing 2. Check the box "Allow uninvited connections" 3. Enter a password in the "Uninvited connections password" field, and click Apply 4. in a terminal, grep uninvited ~/.kde/share/config/krfbrc Actual Results: Recover your password by reading it directly from the file (convenient!) ;-) Expected Results: The password should be stored in an encrypted form, similar to the [Invitation_N] password= config option ~$ cat ./.kde/share/config/krfbrc [Invitation_0] creation=2014,10,28,10,9,31 expiration=2014,10,28,11,9,31 password=ᅳᄃᄡ↓→│ᅨ [Invitations] invitation_num=1 [MainWindow] State=AAAA/wAAAAD9AAAAAAAAAiYAAAEhAAAABAAAAAQAAAAIAAAACPwAAAAA ToolBarsMovable=Disabled [Security] allowUninvitedConnections=true askOnConnect=false uninvitedConnectionPassword=plaintextPassword!
This problem still exists in recent krfb versions (17.12). The uninvited password is now stored in ~/.vnc/passwd .
passwords are stored in kwallet since.. long ago