Psykukumber
commented
6 years ago Can confirm this issue on my Android 6.0 Phone
Steps to reproduce:
- Open some db entry and add fild with some info
- Check "Protected"
- Tap "Save"
- Make sure that function is literally broken
KeePass realizations like KeePassXC stores TOTP tokens in this fields, so although I can't make screenshot, this sensitive data still visible, which I believe is a big security flaw.
I have some fields that are marked for in memory protection. In the desktop version their values are replaced by asterisks. In this app, they show up in plain text.