https://bugs.kde.org/show_bug.cgi?id=409400
Dmytro Kostiuchenko <e...@archlinux.us> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |e...@archlinux.us --- Comment #3 from Dmytro Kostiuchenko <e...@archlinux.us> --- I wanted to elaborate on this, which hopefully will make the issue more critical. The list of networks will update even after a user started typing the password. This is a mild *security risk*, as the password, this way, can be revealed to a malicious party. Steps to reproduce: - open the applet, click on a network X, start typing the password - force the list order update - either by introducing a new network with a stronger signal; or - by reducing the signal of the network X Actual result - the password input form stays on the same index in the list as before the update, although a new network is placed at that index now. Confirming the password will attempt a connection to the incorrect network Expected result - the password input form is bound to the network name rather than index in the list -- You are receiving this mail because: You are watching all bug changes.