https://bugs.kde.org/show_bug.cgi?id=437901
Bug ID: 437901 Summary: Klipper security risks Product: plasmashell Version: 5.21.5 Platform: Other OS: Linux Status: REPORTED Severity: major Priority: NOR Component: Clipboard Assignee: plasma-b...@kde.org Reporter: med.medin.2...@gmail.com Target Milestone: 1.0 Klipper save copied items permanently in "~/.local/share/klipper/history2.lst" without applying any kind of encryption, and those items persist across multiple logins/reboots, so any previously copied password will always be available and easy to find by any malicious script or program downloaded by user, this is considered high risk for most average users. I know copying passwords should be done from specialized apps that clear copied passwords from clipboard after certain timeout, or not even use system clipboard manager and consume ctrl+v and paste events/actions to provide copied passwords. But in Plasma we lack any kind of integrated app or widget that manages saving/copying logins and passwords. In other systems that have simple clipboard manager this problem has lower risk because the clipboard is replaced after any new copy (because all happen in volatile memory) and it's cleared after rebooting or logging out so the high sensible data are lost. NB: I found plasma-pass widget that could be improved to solve this problem but for now it clears the whole clipboard after certain timeout. -- You are receiving this mail because: You are watching all bug changes.