https://bugs.kde.org/show_bug.cgi?id=402936
Bug ID: 402936
Summary: Usernames and passwords are stored for autofill as
plain text in sqlite database which is the default
option
Product: Falkon
Version: unspecified
Platform: Other
OS: FreeBSD
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: now...@gmail.com
Reporter: phoenix_fire...@yahoo.com
Target Milestone: ---
SUMMARY
The usernames and passwords we enter in websites are stored for autofill as
plain text in unencrypted sqlite database which is a security risk. There is
not even a notification to the user about passwords stored a plain text. We
should store the login credentials in an encrypted database by default or at
least enable the kde wallet extension by default. If not the user should be
warned after he chooses to store the login credentials as plain text. IMHO the
unencrypted database option should be removed.
STEPS TO REPRODUCE
1. login to a website with your login credentials
2. check the table autofill in browsedata.db database file at
~/.config/falkon/profiles/default/ for usernames and passwords stored as plain
text.
EXPECTED RESULT
Secure storage of website login credentials in an encrypted database by default
SOFTWARE/OS VERSIONS
Falkon version: 3.0.0
OS: FreeBSD
QtWebEngine: 5.9.5
--
You are receiving this mail because:
You are watching all bug changes.
