Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Master password is not hidden when clicking unlock button (Regression) #7724

Closed
coltrane42 opened this issue Mar 29, 2022 · 1 comment · Fixed by #7725
Closed

Master password is not hidden when clicking unlock button (Regression) #7724

coltrane42 opened this issue Mar 29, 2022 · 1 comment · Fixed by #7725
Assignees
@phoerious
Labels
high priority 🚨 regression security
Milestone
v2.7.1

Comments

@coltrane42
Copy link

coltrane42 commented Mar 29, 2022
edited
Loading

Overview

Up until version 2.6.6, KeePassXC made sure that, in the database unlock window, if the master password visibility was toggled on, it would be toggled off when clicking the unlock button.

Steps to Reproduce

  1. Open a KeePassXC database
  2. Type a password
  3. Toggle password visibility ON
  4. Click unlock button

Expected Behavior

The password visibility should be toggled off during the unlocking procedure (and after, in case the unlocking fails).

Actual Behavior

The password is still visible during the unresponsive period of database unlocking (and after, if the unlocking fails).

Context

The rationale behind this is that during the unlocking procedure the window becomes unresponsive, potentially for a very long time (e.g. opening the database on a less powerful PC, or just wanting a long derivation time) during which the password could be shoulder-surfed.

KeePassXC - Version 2.7.0
Revision: d7a9ef4
Distribution: AppImage

Operative system: Linux Mint 20.3
CPU Architecture: x86_64
Kernel: linux 5.4.0-105-generic
@coltrane42 coltrane42 added the bug label Mar 29, 2022
@phoerious
Copy link
Member

Interesting. This should definitely not happen.

@phoerious phoerious added this to the v2.7.1 milestone Mar 29, 2022
@phoerious phoerious self-assigned this Mar 29, 2022
phoerious added a commit that referenced this issue Mar 29, 2022
@phoerious
Fix regression: Hide password before unlocking database
adb6286 
Fixes #7724
@phoerious phoerious mentioned this issue Mar 29, 2022
Merged
droidmonkey pushed a commit that referenced this issue Mar 30, 2022
@phoerious @droidmonkey
Fix regression: Hide password before unlocking database
7eb7172 
Fixes #7724
pull bot pushed a commit to nonomal/keepassxc that referenced this issue Mar 30, 2022
@phoerious @pull
Fix regression: Hide password before unlocking database
0b7a7d4 
Fixes keepassxreboot#7724
schlimmchen pushed a commit to schlimmchen/keepassxc that referenced this issue Apr 5, 2022
@phoerious @schlimmchen
Fix regression: Hide password before unlocking database
e374949 
Fixes keepassxreboot#7724
t-h-e pushed a commit to t-h-e/keepassxc that referenced this issue Sep 8, 2022
@phoerious @t-h-e
Fix regression: Hide password before unlocking database
af372cb 
Fixes keepassxreboot#7724
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phoerious phoerious

Labels
high priority 🚨 regression security
Projects
None yet
Milestone
v2.7.1
Development

Successfully merging a pull request may close this issue.

Fix regression: Hide password before unlocking database keepassxreboot/keepassxc
2 participants
@phoerious @coltrane42