https://bugs.kde.org/show_bug.cgi?id=360041
Bug ID: 360041 Summary: Wallet password change ignored by KRDC. Product: krdc Version: unspecified Platform: Archlinux Packages OS: Linux Status: UNCONFIRMED Severity: major Priority: NOR Component: RDP Assignee: uwol...@kde.org Reporter: tunaira...@yahoo.co.uk Using KRDC 4.14.16 on Manjaro. Any connection that I set to store the password with kwallet ignores if I change the password for the wallet. Other application detect that the wallet had its password changed, but not KRDC. The wallet is then in an inconsistent state, because the other applications are able to connect to it with the new password while KRDC is only able to connect to it with the old password. Deleting the wallet does not help either, nor does creating a new wallet. KRDC always asks for the same default wallet and ignores any change to it. This is a security bug. The passwords have been changed following security procedures, but a user with the old password can still log in through KRDC. The solution for now is to disable the wallet for each connection. Reproducible: Always Steps to Reproduce: 1. Create a RDP connection set to store the password in a wallet. 2. Login normally and quit. 3. Change the wallet password. 4. Reopen KRDC and try to login in with the new password. Actual Results: KRDC will only accept the old password, even though it was changed. This will persist even after rebooting or killing the wallet daemon and relaunching it. Expected Results: KRDC should pick up the new password and require it instead. I'm running Manjaro 15.12 update 2016-02-29. -- You are receiving this mail because: You are watching all bug changes.