You are only browsing one thread in the discussion! All comments are available on the post page.
Return
BaalInvoker , 5 months ago That’s how you create a flaw in your password manager and makes it pointless
That’s how you create a flaw in your password manager and makes it pointless
Pantherina OP , 5 months ago In that case Kwallet needs to be fixed. If kwallet is safe, this is safe. But you can decide how a tool can be safe that allows to extract passwords just like that.
In that case Kwallet needs to be fixed. If kwallet is safe, this is safe.
But you can decide how a tool can be safe that allows to extract passwords just like that.
BaalInvoker , 5 months ago But you just made the use of password manager pointless. The point of a password manager is to use as a vault that opens only when you type your password, retrieve what you need and then lock it again. Keeping it open always is unsecure, cause once your system or kwallet is exploited, your password will be exposed immediatly. Anyway, if you wanna use Kwallet as your vault, it’s much safer using KeepassXC native function Secret Agent.
But you just made the use of password manager pointless.
The point of a password manager is to use as a vault that opens only when you type your password, retrieve what you need and then lock it again.
Keeping it open always is unsecure, cause once your system or kwallet is exploited, your password will be exposed immediatly.
Anyway, if you wanna use Kwallet as your vault, it’s much safer using KeepassXC native function Secret Agent.
basxto , 2 months ago Well, finding and reading this file definitely takes some effort, but an attacker can get your passwords that way as long as kwallet is unlocked. They just need to run kwallet-query -r KeepassXC kdewallet to get the password and then download ~/passwords.kdbx
Well, finding and reading this file definitely takes some effort, but an attacker can get your passwords that way as long as kwallet is unlocked.
They just need to run kwallet-query -r KeepassXC kdewallet to get the password and then download ~/passwords.kdbx
kwallet-query -r KeepassXC kdewallet
~/passwords.kdbx