https://bugs.kde.org/show_bug.cgi?id=509696
Bug ID: 509696
Summary: Security/Vulnerability hole in Online Accounts > Google Web Authentication
Classification: Applications
Product: systemsettings
Version First Reported In: 5.27.12
Platform: Kubuntu
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 185109
--> https://bugs.kde.org/attachment.cgi?id=185109&action=edit
Shows possible vulnerability of entering google email/password into app
SUMMARY
I want to add Google Drive and when I go to Settings > Online Accounts and
choose Google I am presented with an entry screen to enter my email and
password. This screen does not show a URL or any indication it is a browser
based screen served by Google. I refuse to use it, because I would be exposing
myself to a KDE app providing my email and password which could in theory be
sent to a 3rd party. I need the ability to know this is a screen generated by
Google through my default browser, in my case it is Chrome.
STEPS TO REPRODUCE
1. Settings
2. Online Accounts
3. Google (Web authentication)
OBSERVED RESULT
Asks for email and password
EXPECTED RESULT
Should open the default browser so that the URL and page source can be
observed.
Should allow logging in using the Google browser security manager.
SOFTWARE/OS VERSIONS
Operating System: Kubuntu 24.04
KDE Plasma Version: 5.27.12
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.13
Kernel Version: 6.8.0-83-generic (64-bit)