https://bugs.kde.org/show_bug.cgi?id=409400
Dmytro Kostiuchenko <e...@archlinux.us> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |e...@archlinux.us
--- Comment #3 from Dmytro Kostiuchenko <e...@archlinux.us> ---
I wanted to elaborate on this, which hopefully will make the issue more
critical.
The list of networks will update even after a user started typing the password.
This is a mild *security risk*, as the password, this way, can be revealed to a
malicious party.
Steps to reproduce:
- open the applet, click on a network X, start typing the password
- force the list order update
- either by introducing a new network with a stronger signal; or
- by reducing the signal of the network X
Actual result
- the password input form stays on the same index in the list as before the
update, although a new network is placed at that index now.
Confirming the password will attempt a connection to the incorrect network
Expected result
- the password input form is bound to the network name rather than index in the
list
--
You are receiving this mail because:
You are watching all bug changes.
