Keepassxc: KeePassXC Won't Copy Password When "Lock Database After Minimizing Window" Is Checked.

Created on 20 Oct 2017  路  19Comments  路  Source: keepassxreboot/keepassxc

Current/Expected Behavior

Hello, after enabling the option "Lock Database After Minimizing Window", whenever I copy a password, KeePass closes normally (because I have "Minimize when copying to clipboard" checked), however if I try to paste my password, nothing is in my clipboard, when it should be.

Steps to Reproduce (for bugs)

  1. Enable "Lock databases after minimizing window".
  2. Copy password, KeePass should minimize if the setting is enabled to where if you copy a password, the program minimizes.

Picture of settings. [[1](https://i.zelakto.tv/9ym0mno.png)] [[2](https://i.zelakto.tv/e4rXSss.png)]

Context

Very inconvenient, the only way I can copy passwords is if I physically edit the entry, or disable the option to where the database locks once the program is minimized.

Debug Info

KeePassXC - Version 2.2.1
Revision: 2bce9c8add07226e9a05e9e0fd0e5e66b236d5b6

Libraries:

  • Qt 5.9.1
  • libgcrypt 1.8.1

Operating system: Windows 10 (10.0)
CPU architecture: x86_64
Kernel: winnt 10.0.16299

Enabled extensions:

  • KeePassHTTP
  • Auto-Type
  • YubiKey
discussion security
Source
picture Zackery
👍1

Most helpful comment

A modified behavior when these options are both enabled could be:

  1. Copy to clipboard
  2. Minimize to tray
  3. Wait for clipboard timeout or 30 seconds whichever is less
  4. Lock the database
  5. Wipe the clipboard
picture droidmonkey on 20 Oct 2017
👍6

All 19 comments

Hard to say if this is really a bug or expected behavior.

phoerious picture phoerious on 20 Oct 2017

Seems expected/correct behavior to me

TheZ3ro picture TheZ3ro on 20 Oct 2017

How is this expected behavior if the function of "copy to clipboard" is not performed?

The expected sequence would be (with the options active here):

  1. Request copy to clipboard
  2. Password is copied to clipboard
  3. Application is minimized
  4. Database is locked

You're saying by activating this combination of options, Step 2 is skipped and this is "correct" behavior.

When 1 is "Copy this" and 2 is "Is copied", then you can't have any "correct sequence" that starts with "Copy this" and not ever perform a copy no matter what the following steps are.

What the user is describing here is the sequence actually works like this:

  1. Request copy to clipboard
  2. Application is minimized
  3. Database is locked
r0ckarong picture r0ckarong on 20 Oct 2017
👍3

It is copied, but closing the database clears the clipboard.

phoerious picture phoerious on 20 Oct 2017

If the database is locked there is no reason to keep data in the clipboard.

The sequence performed by KeePassXC is:

  1. Request copy to clipboard
  2. Password is copied to clipboard
  3. Application is minimized
  4. Database is locked
  5. Clipboard is wiped since DB is locked

If we change the behavior in this case we need to keep in mind every other case (I personally want to clear clipboard if my database is locked)

TheZ3ro picture TheZ3ro on 20 Oct 2017

A modified behavior when these options are both enabled could be:

  1. Copy to clipboard
  2. Minimize to tray
  3. Wait for clipboard timeout or 30 seconds whichever is less
  4. Lock the database
  5. Wipe the clipboard
droidmonkey picture droidmonkey on 20 Oct 2017
👍6

KeePassX does what @droidmonkey describes.
Why would I copy something to the clipboard which I can't paste because it get's deleted within the same milisecond?

jeena picture jeena on 6 May 2018

@jeena And why would KeePassXC leave the DB unlocked when I have explicitly enabled "Lock db after minimizing windows" ?

IMHO this should be a Security option and by default KeePassXC should always wipe the clipboard when a DB is locked.
I don't think KeePassX leave data in the clipboard after a DB has been locked, and if it does it's a security problem.

TheZ3ro picture TheZ3ro on 6 May 2018

In keepassx if you use Ctrl + C for copying the password it will disappear from clipboard in 15 s if I remember well (15 or 10). I think this is a must also for KeePassXC

leonardoporpora picture leonardoporpora on 6 May 2018

@TheZ3ro Because otherwise this functionality is unusable, what's the point of having this function if you can't do anything with it, or am I missing something?

The only thing I want to do is to be able to paste the password into the other app. And I'd like the db to be automatically locked so I don't need to do it manually every time.

How do you use KeePassXC, do you lock the database manually after you pasted the password?

jeena picture jeena on 6 May 2018
👍2

I personally think the lock on minimize feature is silly and results in you having to unlock the database way too much. Perhaps we can notify the user when they try to copy password with these two settings enabled that this may result in spillage of data. I agree we should support the workflow even though I dislike the setting.

droidmonkey picture droidmonkey on 7 May 2018

I personally use autotype most of the time.
The few times I copy to clipboard I don't lock the DB since I have autolock after 60 sec (and clear-clipboard after 20 sec)

The functionalities are not usable only when used together.
To me it make no sense to copy a password, minimize to tray (and thus locking the DB since the option is enabled) and assuming the password is still in the clipboard.

When a db is locked, no data should be available (clipboard included)

TheZ3ro picture TheZ3ro on 7 May 2018

I'm too afraid of autotype once I pasted in the username and password into a public IRC channel because it was the last window which was in focus and I didn't realize it. Since then I've never used autotype again, it's too dangerous.

Having autolock after 60 seconds wouldn't work for me either, I sometimes have to leave quite abruptly and wouldn't want my database accessible for a minute where all my private passwords are, especially at work.

I want to lock the database automatically after I pasted my password which is most of the time within 10 seconds after copying it, or even faster.

jeena picture jeena on 7 May 2018

So i think an option like "Keep data in clipboard after locking database" should be good, but the default should be disabled.
Clearing the clipboard will be performed after X second like for the usual clear-clipboard option.

Little off-topic note about the autotype: It seems that you either you didn't configured it well, used the perform autotype function or used an old version of KeePassX.
KeePassXC (when called from global autotype) checks the window title everytime an autotype is triggered and only paste username/password if it matches the entry title or the window association title in autotype config.

TheZ3ro picture TheZ3ro on 7 May 2018

Not to mention you should enable the "always ask before performing auto type" setting.

droidmonkey picture droidmonkey on 8 May 2018

It was quite some time ago so I think it was both, an older version of KeePassX and I used the perform autotype function.

jeena picture jeena on 8 May 2018

Is this still an issue?

phoerious picture phoerious on 26 Oct 2019

Yes it is

droidmonkey picture droidmonkey on 26 Oct 2019

This issue is especially annoying in my setup:

  1. KeepassXC database is locked
  2. I request auto-type via shortcut
  3. The website I'm on has only a field for password (not username+pw), e.g. paypal.com
  4. I right-click on the KeepassXC popup to only copy the password entry
  5. The DB is auto-locked because auto-type is done, and the clipboard is cleared

Thus, the auto-type copy-to-clipboard feature is totally broken in conjunction with the close-db-after-auto-type-if-db-was-closed-before security feature.

criemen picture criemen on 13 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

TheZ3ro picture TheZ3ro  路  3Comments
lostfictions picture lostfictions  路  3Comments
rugk picture rugk  路  3Comments
Throne3d picture Throne3d  路  3Comments
guihkx picture guihkx  路  3Comments