Skip to content

Browser integration leaking informations #3477

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#3480
Closed
Browser integration leaking informations#3477
#3480
Assignees
varjolintu
Labels
feature: Browsersecurity
@haroldm

Description

@haroldm
haroldm
opened on Aug 27, 2019

Expected Behavior

When I have several databases opened in KeepassXC, KeepassXC-Browser get passwords of the active database (selected tab) if a key is present in KeepassXC-Browser settings of the active database.

Current Behavior

When I have several databases opened in KeepassXC, KeepassXC-Browser get passwords of the active database (selected tab) if a key is present in KeepassXC-Browser settings of any open database.

Steps to Reproduce

  1. Open a DB: DB1. Connect this DB to KeepassXC-Browser. This DB contains a password for website.com
  2. Open a DB: DB2. Do not connect this DB to KeepassXC-Browser. This DB contains a password for website.com
  3. When browsing website.com and active DB is DB2, KeepassXC-Browser know the password in DB2.

Context

When accessing a password of a database not connected (DB2), KeepassXC-Browser says it is connected to Keepass with a key named "Firefox". This key does not exists in any of my settings.

This bug is intermittent and I do not know exactly how to trigger it.

Debug Info

KeePassXC - Version 2.4.3
Revision: 5d6ef0c

Qt 5.9.5
Debugging mode is disabled.

Operating system: Ubuntu 18.04.3 LTS
CPU architecture: x86_64
Kernel: linux 4.15.0-58-generic

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey

Cryptographic libraries:
libgcrypt 1.8.1

Metadata

Assignees

Labels

feature: Browsersecurity

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions