keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Changing a database's key file removes the password #10996

Closed mini-bomba closed 3 days ago

mini-bomba commented 4 days ago

Overview

Changing, adding or removing a key file in the database security page without touching the password section removes the password. Note that the inverse is not true: Changing, adding or removing a password does NOT remove the key file.

Steps to Reproduce

  1. Create a new database for testing with a password configured
  2. In the database security page add a new key file
  3. Click OK at the bottom of the page; an alert about no password being set is shown
  4. Click continue without a password
  5. Lock the database
  6. Attempt to unlock the database with password+keyfile - doesn't work
  7. Attempt to unlock the database with keyfile and no password - works

Expected Behavior

I expected one of the following:

In either of the cases listed above, I expected the database to unlock with a combination of the existing password and the new keyfile, but not with the new keyfile and no password

Actual Behavior

  1. An alert about no password being set appears despite me not touching the password section
  2. The existing database password is removed

Context

I remember that in previous versions of KeePassXC the database password was kept when changing the database keyfile. I do not remember what exact version that was.

KeePassXC - Version 2.7.9 Revision: 8f6dd13

Qt 5.15.14
Debugging mode is disabled.

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 6.9.6-zen1-1-zen

Enabled extensions:

Cryptographic libraries:

Operating System: Linux
Desktop Env: KDE 6.1
Windowing System: Wayland
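Why steps 6 and 7 of the report behave as they do, shown as an added example that is not part of the issue or of KeePassXC's code: a simplified model of the KDBX composite key, in which each credential component is hashed and the concatenation is hashed again. It assumes a generic key file hashed with SHA-256, omits the KDF stage (which does not change the comparison), and uses hypothetical function names and constructed sample values.

```python
import hashlib
from itertools import product

def password_component(password: str) -> bytes:
    # Password component: SHA-256 of the UTF-8 encoded password.
    return hashlib.sha256(password.encode("utf-8")).digest()

def keyfile_component(data: bytes) -> bytes:
    # Assumption: a generic key file (not the XML, 32-byte or 64-hex formats),
    # which contributes the SHA-256 of its contents.
    return hashlib.sha256(data).digest()

def composite_key(password=None, keyfile=None) -> bytes:
    # An absent component (None) is skipped entirely; an empty password ("")
    # still contributes a hash, so "no password" and "empty password" differ.
    parts = b""
    if password is not None:
        parts += password_component(password)
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    return hashlib.sha256(parts).digest()

def unlocking_combinations(stored_key, passwords, keyfiles):
    """Return every (password, keyfile) pair whose composite key matches."""
    return [(p, k) for p, k in product(passwords, keyfiles)
            if composite_key(p, k) == stored_key]

# Constructed sample credentials (not taken from the report).
OLD_PASSWORD = "correct horse"
NEW_KEYFILE = b"constructed key file bytes"
PASSWORDS = [None, "", OLD_PASSWORD]
KEYFILES = [None, NEW_KEYFILE]

def reported_state() -> bytes:
    # What the report observes after step 4: password component dropped.
    return composite_key(None, NEW_KEYFILE)

def expected_state() -> bytes:
    # What the reporter expected: existing password kept, key file added.
    return composite_key(OLD_PASSWORD, NEW_KEYFILE)

if __name__ == "__main__":
    for label, key in (("reported", reported_state()),
                       ("expected", expected_state())):
        print(label, unlocking_combinations(key, PASSWORDS, KEYFILES))
```

After any change to database credentials, trying each combination against a copy of the database in this way confirms which factors are actually required before relying on it.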