Security: Don't copy passwords to remote clients
When copying a password to the clipboard, password managers can set the additional mime type "x-kde-passwordManagerHint" to tell klipper not to insert secrets into its history. This change adds an option to VNC connections to prevent krdc from copying passwords to remote clients by checking the mime type before sending clipboard contents. Test: Open a krdc connection to a remote client. Check the checkbox "Don't copy passwords from supported password managers to remote" in the VNC connection setup dialog. On the local machine, run the password manager keepassxc, which is known to set "x-kde-passwordManagerHint". Select an entry from your password list and copy the password into the clipboard by pressing Ctrl-C. Locally, the password will stay in clipboard for about 10 seconds but will not be inserted into klipper's history. Check the clipboard on the remote machine. With the option unchecked the password will be there and in klipper's history, with the ...
Showing with 35 additions and 0 deletions