Keepassxc: Browser integration leaking informations
Expected Behavior
When I have several databases opened in KeepassXC, KeepassXC-Browser get passwords of the active database (selected tab) if a key is present in KeepassXC-Browser settings of the active database.
Current Behavior
When I have several databases opened in KeepassXC, KeepassXC-Browser get passwords of the active database (selected tab) if a key is present in KeepassXC-Browser settings of any open database.
Steps to Reproduce
- Open a DB: DB1. Connect this DB to KeepassXC-Browser. This DB contains a password for website.com
- Open a DB: DB2. Do not connect this DB to KeepassXC-Browser. This DB contains a password for website.com
- When browsing website.com and active DB is DB2, KeepassXC-Browser know the password in DB2.
Context
When accessing a password of a database not connected (DB2), KeepassXC-Browser says it is connected to Keepass with a key named "Firefox". This key does not exists in any of my settings.
This bug is intermittent and I do not know exactly how to trigger it.
Debug Info
KeePassXC - Version 2.4.3
Revision: 5d6ef0c
Qt 5.9.5
Debugging mode is disabled.
Operating system: Ubuntu 18.04.3 LTS
CPU architecture: x86_64
Kernel: linux 4.15.0-58-generic
Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
- KeeShare (signed and unsigned sharing)
- YubiKey
Cryptographic libraries:
libgcrypt 1.8.1
haroldm
All 3 comments
I'll fix this ASAP. It's probably related to the change where the restriction accessing multiple databases were introduced.
varjolintu
on 27 Aug 2019
Steps to reproduce:
- Open a connected DB
- Switch tab to non-open non-connected DB2
- Open DB2
If "Search in all opened databases for matching credentials" is checked, the bug doesn't trigger.
varjolintu
on 27 Aug 2019
That's ironic
droidmonkey
on 27 Aug 2019
Related issues
shaneknysh
路
3Comments
guihkx
路
3Comments
JosephHatfield
路
3Comments
lostfictions
路
3Comments
n1trux
路
3Comments
Most helpful comment
That's ironic