Bugzilla – Bug 1171430
VUL-1: CVE-2020-12755: kio-extras5: improper handling of keepPassword option may lead to unintended KWallet storage of a password
Last modified: 2022-05-09 12:05:29 UTC
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through
20.04.0 makes a cacheAuthentication call even if the user had not set the
keepPassword option. This may lead to unintended KWallet storage of a password.
Fixed years ago