https://bugs.kde.org/show_bug.cgi?id=467900
Bug ID: 467900
Summary: Security concern for login in with KDE Online Accounts
Classification: Frameworks and Libraries
Product: kio-gdrive
Version: 22.08.1
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: general
Assignee: elvis.angelac...@kde.org
Reporter: siloco...@gmail.com
Target Milestone: ---
Created attachment 157675
--> https://bugs.kde.org/attachment.cgi?id=157675&action=edit
KDE Online Account popup hard to identify target or browser.
The issue is when I want to connect KDE Online Accounts and I get what looks
like the Google login page. The login page should be a separate browser based
window showing the complete google url that you want to use to connect.
Currently it is just a plain popup which means I have no way of trusting it
with my password that in fact it is KDE's Online Accounts popup or someone
else's man in the middle popup as KDE.
Here is the example signup window I am talking about:
[url]https://ibb.co/HNkMLFd[/url]
Normally when I connect accounts using google, Chrome or some other legit
browser pops up with the full URL displayed at the top that you can verify the
request is going to Google for authentication.
I think it should looks something like this. Notice how it is a browser window
with full URL in display.
https://ibb.co/zm53QT8
Is there possibly another way to connect the KDE Online Account that clearly
shows a legitimate browser and it's URL.
--
You are receiving this mail because:
You are watching all bug changes.
