KWallet

KDE Wallet Manager
Developer(s)	KDE
Stable release	5.247.0 / 20 December 2023
Repository	github.com/KDE/kwallet
Written in	Mainly C++ (Qt), some C
Operating system	Cross-platform
Type	Password manager ; Linux on the desktop ;
License	Various LGPL
Website	apps.kde.org/kwalletmanager5/

Last updated August 04, 2024

KDE Wallet Manager (KWallet) is free and open-source password management software written in C++ for UNIX-style operating systems. KDE Wallet Manager runs on a Linux-based OS and Its main feature is storing encrypted passwords in KDE Wallets.^[2] The main feature of KDE wallet manager (KWallet) is to collect user's credentials such as passwords or IDs and encrypt them through Blowfish symmetric block cipher algorithm or GNU Privacy Guard encryption.

Installation

KDE Wallet Manager (KWallet) requires a Linux-based OS and the KDE Software Compilation desktop environment such as Kubuntu.^[3]

Browser extensions

KDE Wallet manager (KWallet) can be integrated with various web browsers including Chrome, Opera, and Edge.

To use KDE Wallet manager (KWallet) integration on Google Chrome or any other Chromium based browsers, user needs to run the browser with argument --password-store=kwallet5 or --password-store=detect .^[4]

Historically, there was a standalone add-on available for Firefox. This addon allows users to store passwords internally through KDE Wallet manager (KWallet) instead of the default Firefox password manager.

Since the release of Firefox v57 and the migration from XUL based extension to WebExtensions, there has been no attempt to make a new add-on to support the new Firefox.

Konqueror and Falkon, the official web browser of the K Desktop Environment (KDE) features KDE Wallet manager (KWallet) to store sensitive passwords encrypted.

API

KDE Wallet Manager’s APIs trigger authentication events when the application makes a request through Desktop Communications protocol (DCOP), which is KDE’s primary interprocess communication (IPC) mechanism, which causes a password dialog box to be displayed for the application. This causes the password dialog box to be launched by the KDE daemon process. Users can choose either to cancel the dialog box which will terminate the application or to fill the password box in. If the password box is filled, the Wallet will automatically open. KDE Wallet Manager’s Desktop communications protocol (DCOP) can only be accessed locally because it is an interprocess communication (IPC) protocol that is processed over UNIX local sockets.^[5]

GUI

On KDE Wallet Manager’s GUI, users can manage every wallet and password assigned to them.

KDE Wallet Manager allows users to save or delete Wallets and users can identify which wallet applications should look in when attempting to access a stored password.^[5]

These are the lists of actions that users can take on the GUI of KDE Wallet manager (KWallet):

Create new Wallet
Change the default Wallet
Lock the Wallet
Store passwords to a Wallet
Unlock the password of the Wallet
Update the information on a Wallet
View stored passwords in the Wallet^[5]

Wallets

The Wallet is a term for password storage used in KDE Wallet Manager software. Wallets can be created manually by the user or It is offered by dialogue when the user enters in a password on any KDE desktop environment or website. Once created, Wallet can store various passwords and It is controlled by one master password. This way users do not have to remember various passwords, instead, they can just manage them by memorizing one master password for the wallet. The default Wallet is named “kdewallet” and users can create more of their own if needed.

Managing wallets

Users can manage wallets on their own KDE Wallet Manager window. Packaging or combining wallets can be done by dragging and dropping. If the user wants to export information to other locations such as flash drives, the window allows for the user to choose whether to export data encrypted or not. Providing the master password, the user can similarly import the data encrypted.

Setting preference of wallets is also possible, user can set certain wallets to be the default wallet. The close wallet setting enables the user to close the wallet after:

Close when unused for
Close when the screensaver starts
Close when the application stops using it

Encryption of the password

The data stored by the KDE Wallet manager can be encrypted in two major ways. The GNU Privacy Guard (GnuPG or GPG) algorithm is used if GnuPG Made Easy library is installed on the user’s Linux-based OS. If not, Blowfish symmetric block cipher algorithm is used.^[6]

The encryption methods of KWallet. Method.PNG — The encryption methods of KWallet.

Blowfish symmetric block cipher algorithm

KDE Wallet manager encrypts the data stored in the wallet using the Blowfish symmetric block cipher algorithm in CBC mode. To protect the user’s information, blowfish encrypted data is authenticated with the SHA-1 hashing algorithm.

KDE Wallet manager’s blowfish encryption provides faster encryption compared to Khufu, RC5, DES, IDEA, and Trip-DES. Blowfish encrypts at a rate of 18 clock cycles per byte in 32-bit microprocessors.

KDE Wallet manager’s Blowfish algorithm can be executed in memory within 5k, and a simple structure is easy to implement and easy to determine the strength of the algorithm. The algorithm is variable in key length, which can be long as 448 bites and it allows basic word addition and bit XOR operations.^[7]

GNU Privacy Guard encryption

Users can create a GNU Privacy Guard (GnuPG or GPG) based wallet to store extra-sensitive passwords. This requires users to install GnuPG Made Easy library. If the library is installed and once the software found GNU Privacy Guard (GnuPG or GPG), users will be asked to choose a key to use for a new wallet.^[6] User stil can encrypt passwords with Blowfish symmetric block cipher algorithm since GNU Privacy Guard encrtpytion library includes DSA/Blowfish symmetric block cipher algorithm.^[8]

Security of KDE Wallet manager

Using KDE Wallet manager (KWallet) may ease the management of the passwords but It does not provide greater security conditions to user's system. Instead of getting user's other passwords, attackers may get the master password for user's wallets through user's PC.

Since the directory of encrypted files of KDE wallet manager (KWallet) are located in predictable files, It might be vulnerable to viruses or worms those are programmed to aim password management system itself.^[5]

Known vulnerabilities

The SHA-1 hash function that is used in KDE Wallet manager (KWallet) is cryptographically broken. Google and CWI Amsterdam have proved that two identical SHA-1 digest displays two different PDF content. Various companies, including Microsoft, has discontinued SHA-1 supports; however, KDE Wallet manager (KWallet) uses SHA512 in versions higher than 4.13 or with Pluggable authentication module or it uses SHA-1 hash function.
"kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack." ^{[ citation needed ]}
"fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password." ^{[ citation needed ]}
"kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack." ^{[ citation needed ]}
"SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation."^[9]
"An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution."^[10]
"GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."^[11]
"A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18."^[12]
"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE."^[13]
"Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow."^[14]
"Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."^[15]
"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "—status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes."^[16]
"The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed."^[17]
"Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt."^[18]
"GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection."^[19]
"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "—status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes."^[20]
"The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits."^[21]
"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."^[22]

Notes

↑ LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-or-later, and LGPL-3.0-or-later.

Related Research Articles

Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in many cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date for smaller files. It is recommended Blowfish should not be used to encrypt files larger than 4GB in size, Twofish should be used instead.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.

GNU Privacy Guard is a free-software replacement for Symantec's cryptographic software suite PGP. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP v4-compliant systems.

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.

In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

The following tables compare general and technical features of notable email client programs.

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network is often referred to as remote code execution.

Seahorse is a GNOME front-end application for managing passwords, PGP and SSH keys. Seahorse integrates with a number of apps including Nautilus file manager, Epiphany browser and Evolution e-mail suite. It has HKP and LDAP key server support.

GNOME Keyring is a software application designed to store security credentials such as usernames, passwords, and keys, together with a small amount of relevant metadata. The sensitive data is encrypted and stored in a keyring file in the user's home directory. The default keyring uses the login password for encryption, so users don't need to remember another password.

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.

A password manager is a computer program that allows users to store and manage their passwords for local applications or online services such as web applications, online shops or social media. A web browser generally has a built in version of a password manager. These have been criticized frequently as many have stored the passwords in plaintext, allowing hacking attempts.

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile, it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

<span class="mw-page-title-main">YubiKey</span> Hardware authentication device

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.

pass is a password manager inspired by the Unix philosophy. It has a command-line interface, and uses GnuPG for encryption and decryption of stored passwords.

SigSpoof is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998. Several other software packages that make use of GnuPG were also affected, such as Pass and Enigmail.

References

↑ "v5.247.0" . Retrieved 9 January 2024.
↑ Zhang, Jie; Luo, Xin; Akkaladevi, Somasheker; Ziegelmayer, Jennifer (2009). "Improving multiple-password recall: an empirical study". European Journal of Information Systems. 18 (2): 165–176. doi:10.1057/ejis.2009.9. ISSN 0960-085X. S2CID 7244341.
↑ Gray, Joshua; Franqueira, Virginia N. L.; Yu, Yijun (2016). "Forensically-Sound Analysis of Security Risks of Using Local Password Managers". 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW) (PDF). Beijing, China: IEEE. pp. 114–121. doi:10.1109/REW.2016.034. ISBN 978-1-5090-3694-3. S2CID 15971740.
↑ Toman, Zinah Hussein; Toman, Sarah Hussein; Hazar, Manar Joundy (2019). "An In-Depth Comparison Of Software Frameworks For Developing Desktop Applications Using Web Technologies". Journal of Southwest Jiaotong University. 54 (4). doi: 10.35741/issn.0258-2724.54.4.1 . ISSN 0258-2724. S2CID 209057621.
1 2 3 4 Mulligan, J.; Elbirt, A. J. (2005). "Desktop Security and Usability Trade-Offs: An Evaluation of Password Management Systems". Information Systems Security. 14 (2): 10–19. doi:10.1201/1086/45241.14.2.20050501/88289.3. ISSN 1065-898X. S2CID 21253225.
1 2 Dudášová, Ludmila; Vaculík, Martin; Procházka, Jakub (2021-12-29). "Psychologický kapitál v pracovní, klinické a školní psychologii: přehledová studie". Ceskoslovenska Psychologie. 65 (6): 558–574. doi: 10.51561/cspsych.65.6.558 . ISSN 0009-062X. S2CID 245578091.
↑ Mousa, A. (2005). "Data encryption performance based on Blowfish". 47th International Symposium ELMAR, 2005. IEEE. pp. 131–134. doi:10.1109/elmar.2005.193660. ISBN 953-7044-04-1. ISSN 1334-2630. S2CID 21814142.
↑ Aghili, Hamed (2018-07-26), "Improving Security Using Blow Fish Algorithm on Deduplication Cloud Storage", Fundamental Research in Electrical Engineering, Lecture Notes in Electrical Engineering, vol. 480, Singapore: Springer Singapore, pp. 723–731, doi:10.1007/978-981-10-8672-4_54, ISBN 978-981-10-8671-7, S2CID 69654258 , retrieved 2022-05-27
↑ "NVD - CVE-2005-4900". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2018-12356". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2020-25125". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2019-14855". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2013-4576". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2014-9087". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2010-2547". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2018-12020". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2005-0366". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2006-6169". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2007-1263". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2018-12020". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2016-6313". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .
↑ "NVD - CVE-2015-1607". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[2] LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-or-later, and LGPL-3.0-or-later.

[wikidata-e18f753a5d13f7fb7f00a5c6c98fce5cddeb9050-v13-1] "v5.247.0" . Retrieved 9 January 2024.

[3] Zhang, Jie; Luo, Xin; Akkaladevi, Somasheker; Ziegelmayer, Jennifer (2009). "Improving multiple-password recall: an empirical study". European Journal of Information Systems. 18 (2): 165–176. doi:10.1057/ejis.2009.9. ISSN 0960-085X. S2CID 7244341.

[4] Gray, Joshua; Franqueira, Virginia N. L.; Yu, Yijun (2016). "Forensically-Sound Analysis of Security Risks of Using Local Password Managers". 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW) (PDF). Beijing, China: IEEE. pp. 114–121. doi:10.1109/REW.2016.034. ISBN 978-1-5090-3694-3. S2CID 15971740.

[5] Toman, Zinah Hussein; Toman, Sarah Hussein; Hazar, Manar Joundy (2019). "An In-Depth Comparison Of Software Frameworks For Developing Desktop Applications Using Web Technologies". Journal of Southwest Jiaotong University. 54 (4). doi: 10.35741/issn.0258-2724.54.4.1 . ISSN 0258-2724. S2CID 209057621.

[:0-6] 1 2 3 4 Mulligan, J.; Elbirt, A. J. (2005). "Desktop Security and Usability Trade-Offs: An Evaluation of Password Management Systems". Information Systems Security. 14 (2): 10–19. doi:10.1201/1086/45241.14.2.20050501/88289.3. ISSN 1065-898X. S2CID 21253225.

[:1-7] 1 2 Dudášová, Ludmila; Vaculík, Martin; Procházka, Jakub (2021-12-29). "Psychologický kapitál v pracovní, klinické a školní psychologii: přehledová studie". Ceskoslovenska Psychologie. 65 (6): 558–574. doi: 10.51561/cspsych.65.6.558 . ISSN 0009-062X. S2CID 245578091.

[8] Mousa, A. (2005). "Data encryption performance based on Blowfish". 47th International Symposium ELMAR, 2005. IEEE. pp. 131–134. doi:10.1109/elmar.2005.193660. ISBN 953-7044-04-1. ISSN 1334-2630. S2CID 21814142.

[9] Aghili, Hamed (2018-07-26), "Improving Security Using Blow Fish Algorithm on Deduplication Cloud Storage", Fundamental Research in Electrical Engineering, Lecture Notes in Electrical Engineering, vol. 480, Singapore: Springer Singapore, pp. 723–731, doi:10.1007/978-981-10-8672-4_54, ISBN 978-981-10-8671-7, S2CID 69654258 , retrieved 2022-05-27

[10] "NVD - CVE-2005-4900". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[11] "NVD - CVE-2018-12356". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[12] "NVD - CVE-2020-25125". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[13] "NVD - CVE-2019-14855". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[14] "NVD - CVE-2013-4576". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[15] "NVD - CVE-2014-9087". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[16] "NVD - CVE-2010-2547". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[17] "NVD - CVE-2018-12020". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[18] "NVD - CVE-2005-0366". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[19] "NVD - CVE-2006-6169". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[20] "NVD - CVE-2007-1263". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[21] "NVD - CVE-2018-12020". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[22] "NVD - CVE-2016-6313". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[23] "NVD - CVE-2015-1607". nvd.nist.gov. Retrieved 2022-05-27. This article incorporates text from this source, which is in the public domain .

[1]

[lower-alpha 1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

v t e Password managers
Proprietary	1Password Apple Passwords Dashlane Enpass Intuitive Password Keeper LastPass Microsoft Autofill Myki NordPass Pleasant Password Server RoboForm SafeInCloud
Open source	Bitwarden Factotum GNOME Keyring KeePass KeePassXC KeeWeb Keychain KWallet OnlyKey Pass Password Safe Proton Pass Seahorse
Discontinued	Encryptr Firefox Lockwise Gator eWallet KeePassX KYPS Mitro Offer Assistant
Category List of password managers


Developer(s)	KDE

Stable release	5.247.0^[1] / 20 December 2023

Repository	github.com/KDE/kwallet
Written in	Mainly C++ (Qt), some C
Operating system	Cross-platform
Type	Password manager Linux on the desktop
License	Various LGPL ^{[lower-alpha 1]}
Website	apps.kde.org/kwalletmanager5/