https://bugs.kde.org/show_bug.cgi?id=360041

            Bug ID: 360041
           Summary: Wallet password change ignored by KRDC.
           Product: krdc
           Version: unspecified
          Platform: Archlinux Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: NOR
         Component: RDP
          Assignee: uwol...@kde.org
          Reporter: tunaira...@yahoo.co.uk

Using KRDC 4.14.16 on Manjaro.

Any connection that I set to store the password with kwallet ignores if I
change the password for the wallet. Other applications detect that the wallet
had its password changed, but not KRDC.

The wallet is then in an inconsistent state, because the other applications are
able to connect to it with the new password while KRDC is only able to connect
to it with the old password.

Deleting the wallet does not help either, nor does creating a new wallet. KRDC
always asks for the same default wallet and ignores any change to it.

This is a security bug. The passwords have been changed following security
procedures, but a user with the old password can still log in through KRDC. The
solution for now is to disable the wallet for each connection.

Reproducible: Always

Steps to Reproduce:
1. Create an RDP connection set to store the password in a wallet.
2. Log in normally and quit.
3. Change the wallet password.
4. Reopen KRDC and try to log in with the new password.


Actual Results:  
KRDC will only accept the old password, even though it was changed. This will
persist even after rebooting or killing the wallet daemon and relaunching it.

Expected Results:  
KRDC should pick up the new password and require it instead.

I'm running Manjaro 15.12 update 2016-02-29.
