https://bugs.kde.org/show_bug.cgi?id=517735
Bug ID: 517735
Summary: Automatic updates results in password prompts popping
up
Classification: Applications
Product: Discover
Version First unspecified
Reported In:
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: Updates
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Target Milestone: ---
SUMMARY
Enabling automatic updates in the KDE system settings leads to password prompts
regularly popping up. Updates won't be installed if you don't enter your
password into one of these windows, which you can't check for legitimacy.
(If this is a Kubuntu issue, please close this and I will file a bug
downstream)
STEPS TO REPRODUCE
1. Set updates to automatic (rather than manual) in KDE system settings
2. Wait and observe
OBSERVED RESULT
Password prompts will pop up regularly, requiring you to type your password
into any random window that just spawned which you can't check for legitimacy,
which is not something you should ever do.
EXPECTED RESULT
Password might be asked for maybe once, when changing the setting (then, your
"proof" for the password window being legit would be the timing – a potential
attacker could still attempt to time a fake password window correctly, but this
should be much harder. The general problem of password prompts not being
recognisable as trustworthy is much larger and out of scope for this ticket).
Updating service should run with the required permissions.
SOFTWARE/OS VERSIONS
Operating System: Kubuntu 25.10
KDE Plasma Version: 6.4.5
KDE Frameworks Version: 6.17.0
Qt Version: 6.9.2
--
You are receiving this mail because:
You are watching all bug changes.
