Keepassxc-browser: KeepassXC browser fills search fields since 1.1.4

Created on 10 Jun 2018 · 7 Comments · Source: keepassxreboot/keepassxc-browser

Current Behavior

KeepassXC fills the following input field with my username, since 1.1.4:

<input name="search" id="search" value="enable_puppetlabs_pc1_repo" placeholder="Filter ..." class="autocomplete-input form-control ui-autocomplete-input" data-url="/hosts/auto_complete_search" autocomplete="off" data-cip-id="search" type="text">

It seems the code only looks for data-cip-id. However, that is set to search here, so it's for sure not a username field.

Possible Solution

Add logic to check the actual value of data-cip-id.

Steps to Reproduce (for bugs)

This happens in the Foreman user interface (i.e. if installing the software from https://www.theforeman.org/ ), but likely also at many other places.

Debug info

KeePassXC - 2.3.3
keepassxc-browser - 1.1.4
Operating system: Linux
Browser: Firefox
Proxy used: YES

PR pending bug

All 7 comments

Clearly we need to ignore input fields if its id or name contains "search", when the type is still "text". I guess there's no other way to identify these. In the meantime you can choose the credential fields manually for that site.
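
A minimal sketch of the check proposed in the comment above, added here as an illustration and not taken from keepassxc-browser: it parses the reported tag and rejects text inputs whose id or name contains "search". The function names and the last two sample tags are constructed assumptions; the `name="q"` sample shows a search box that this rule still treats as a username field.

```javascript
// Added illustration; not keepassxc-browser code. Function names are hypothetical.

// Parse the attributes of one HTML start tag into a plain object.
function parseAttributes(tag) {
  const body = tag.replace(/^<\s*[\w-]+/, '').replace(/\/?>\s*$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = {};
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Types a username may plausibly be typed into; type="search" is deliberately absent.
const USERNAME_TYPES = new Set(['text', 'email', 'tel']);

// True if the field may be treated as a lone username field.
function isUsernameCandidate(attrs) {
  const type = (attrs.type || 'text').toLowerCase();
  if (!USERNAME_TYPES.has(type)) return false;
  // The rule from the comment: skip text inputs whose id or name contains "search".
  return !['id', 'name'].some((k) => /search/i.test(attrs[k] || ''));
}

function classify(tag) {
  return isUsernameCandidate(parseAttributes(tag));
}

// The field from the report, followed by two constructed samples.
const FOREMAN_SEARCH = '<input name="search" id="search" value="enable_puppetlabs_pc1_repo" ' +
  'placeholder="Filter ..." class="autocomplete-input form-control ui-autocomplete-input" ' +
  'data-url="/hosts/auto_complete_search" autocomplete="off" data-cip-id="search" type="text">';
const LOGIN_FIELD = '<input type="text" name="username" id="login">';  // constructed
const TERSE_SEARCH = '<input type="text" name="q">';                   // constructed

console.log(classify(FOREMAN_SEARCH)); // false: not filled
console.log(classify(LOGIN_FIELD));    // true: filled
console.log(classify(TERSE_SEARCH));   // true: still filled, the name gives no hint
```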

> In the meantime you can choose the credential fields manually for that site.

Thanks! Since the failing subpage does not have any credential fields (only the search box), I've just put it in the ignore list, which works fine.

This is a bug introduced in 1.1.4. All search boxes on registered sites trigger the credential pull...

same here, super annoying

This is happening because of the change that allowed only username field to be detected for KeePassXC-Browser. It allowed many pages to work that remained undetected in previous versions.

A fix has been done, and it's waiting for merge.

thanks!

This still happens in Gmail and Inbox. We really need to move to an opt-in setting for single field fills, or explicit site registration. Heuristics DO NOT WORK in this case.
