Unable to update kwallet passwords (kwallet5/4 issue?)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kwalletmanager (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
I have recently updated to Kubuntu 15.04. Using kwalletmanager 4:14.12.3-0ubuntu1.
I have deleted my ~/.kde prefix beforehand in order to avoid migration issues. I have created a new wallet -- also running into the "empty wallet migration" problem (bug 1434052).
When opening "KWalletManager" nor the command line tool "kwalletcli", I can change the password of my wallet, but it has no effect. It seems that the wallet is not in use, since it is not "open" and not in use by any application.
Doing some research [1], I realised that there are KWalletd versions 4 and 5 running in parallel. I suspect that I have created one wallet on kwalletd4 and one on kwalletd5 and all the tools are only working with the version 4:
$ ps -Af | grep wallet
markus 978 970 0 21:05 ? 00:00:00 [kwalletd] <defunct>
markus 1278 1 0 21:05 ? 00:00:00 /usr/bin/kwalletd --pam-login 17 20
markus 1581 1 0 21:06 ? 00:00:00 /usr/bin/kwalletd5
Steps to reproduce:
1. Create new user
2. Perform wallet migration (unsure if necessary)
3. Start Kwallet5-enabled application (like connecting to a WiFi)
4. create Wallet with some password
5a. start KWalletManager and change password of wallet, or
5b. use kwalletcli to change password
6. try to use new password
Expected result: password is changed
Actual result: password remains unchanged
Security implications: I'm marking this as security issue since being unable to change a password is a problem for protecting sensitive data.
[1] https:/
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: kwalletmanager 4:14.12.3-0ubuntu1
ProcVersionSign
Uname: Linux 3.19.0-15-generic x86_64
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
CurrentDesktop: KDE
Date: Sun Apr 26 21:15:27 2015
InstallationDate: Installed on 2015-04-25 (1 days ago)
InstallationMedia: Kubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: kwalletmanager
UpgradeStatus: No upgrade log present (probably fresh install)
| summentier (markus-wallerberger) wrote | #1 |
| information type: | Private Security → Public |
| Florian (f-esser-m) wrote | #2 |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in kwalletmanager (Ubuntu): | |
| status: | New → Confirmed |
| Luca Olivetti (olivluca) wrote | #4 |
Similar problem here:
* did a fresh Kubuntu 15.04 reinstall
* logged in for the first time --> "empty wallet migration"
* when KWallet asked for a password, I entered the same password I used in 14.10.
* tried to import my old wallet by cp'ing: ~/.kde/
When I start KWalletManager, I can use my old password to open the wallet and see all my passwords there.
Sadly, NetworkManager did not recognize any of the stored passwords, so I had to re-enter my wifi password.
Now the strange things start:
* changed KWallet password in KWalletManager
* rebooted
* on login: owncloud-client asks for KWallet access, entered *new* password --> OK
- `ps -Af | grep wallet` shows only the first two lines of markus' post above (without kwalletd5)
* on wifi connect:
- NetworkManager asks for KWallet access
- entered *new* password --> fail
- entered *old* password --> OK
- `ps -Af | grep wallet` shows the same as in markus' post above (including kwalletd5)
When I look into KWalletManager, I still have only my old Wifi passwords there, the new connection is nowhere to be found (checked with the connections uuid from /etc/NetworkMan
So it seems to me that NetworkManager and Owncloud are using different KWallets. (Owncloud: 4, NetworkManager: 5)
Furthermore (and here I see the actual problem!) KWalletManager seems to only access KWallet4, so I don't have a way to see my credentials stored in KWallet5.