this post was submitted on 16 Jan 2024
15 points (100.0% liked)
That's how you create a flaw in your password manager and make it pointless.
In that case Kwallet needs to be fixed. If kwallet is safe, this is safe.
But you can decide how a tool can be safe that allows extracting passwords just like that.
But you just made the use of a password manager pointless.
The point of a password manager is to use it as a vault that opens only when you type your password, retrieve what you need and then lock it again.
Keeping it open always is insecure, because once your system or kwallet is exploited, your password will be exposed immediately.
Anyway, if you wanna use Kwallet as your vault, it's much safer using KeepassXC's native function, Secret Agent.
Well, finding and reading this file definitely takes some effort, but an attacker can get your passwords that way as long as kwallet is unlocked.
They just need to run
kwallet-query -r KeepassXC kdewallet
to get the password and then download ~/passwords.kdbx