KeepassXC does not recognise YubiKey unless opened as Administrator on Windows 10

[theoisadoor]

Overview

In an attempt to add another layer of security to my database, I have tried adding a YubiKey 5 NFC for 'Challenge-Response'. On Mac, have tested both YubiKey 5 NFC & YubiKey 5C Nano and both are recognised. On Windows, neither are recognised by KeepassXC unless the program is opened elevated. YubiKey Manager has no issue seeing the device without being opened elevated. Have tested on 2.7.7 & 2.7.8 to no avail.

Steps to Reproduce

Creating New Database

1. Open KeepassXC without elevation
2. Create new database
3. Continue till you can 'Add Challenge-Response'
4. 'No hardware keys detected'
5. Open KeepassXC with elevation
6. Repeat steps 2-3
7. YubiKey now present and available

Editing Existing Database

1. Open existing DB (without Challenge-Response enabled) without KeepassXC elevation
2. Navigate to 'Database > Database Security...'
3. 'Add Challenge-Response'
4. 'No hardware keys detected'
5. Open existing DB (without Challenge-Response enabled) with KeepassXC elevation
6. Repeats steps 2-3
7. YubiKey now present and available

Expected Behavior

YubiKey available as an option for 'Challenge-Response'

Actual Behavior

YubiKey is not present in the list as an option for 'Challenge-Response'

Context

Have tested on Macbook Pro 2019, same version (2.7.9 rev 8f6dd13) with no issue in recognising the YubiKey(s).

Windows

KeePassXC - Version 2.7.9 Revision: 8f6dd13

Qt 5.15.11 Debugging mode is disabled.

Operating system: Windows 10 Version 2009 CPU architecture: x86_64 Kernel: winnt 10.0.19045

Enabled extensions:

• Auto-Type
• Browser Integration
• Passkeys
• SSH Agent
• KeeShare
• YubiKey
• Quick Unlock

Cryptographic libraries:

• Botan 3.1.1

Operating System: Windows/Linux/macOS

[droidmonkey]

I cannot replicate this. I did find an odd behavior in the auto-detection of yubikeys which I fixed in a recent PR. However, this did not prevent finding the key after a manual refresh. You'll have to check your system settings, maybe, on access to USB devices. Without replication there can be no fix. Also this only appears to be affecting you at the moment which raises the likelihood it is a local problem.

[theoisadoor]

Tried with a fresh install of Win10 and had the same issue, spoke it through with Yubico support, and they likewise couldn't replicate it. Not sure where the issue lies, because it's not a hardware fault since it is detected albeit not by KeepassXC unless elevated, and a fresh install of Windows didn't solve it either which should be the 'ideal' conditions. I'm going to try installing Linux on this machine and see if I see the same behaviour, which would then entirely rule out hardware.

[theoisadoor]

Just tested with Ubuntu 24.04 and worked perfectly straight away, so not hardware. Windows 10 22H2 19045.5011 is the version I am testing on.

[defkev]

I can replicate this!

Same Problem with a fresh 2.7.9 installation on Windows 10 22H2 I did just now → No hardware keys detected unless run as admin

For posterity on my Workstation, also running 22H2, KeePassXC 2.7.4 is working just fine with the same key. Same with 2.7.9 on Arch.

I'll try to downgrade KeePassXC to 2.7.4 later and see if this is a KeePass or Windows problem.

[droidmonkey]

Requiring administrator access automatically makes it an OS problem and not an app problem. This appears to be some issue with 22H2 and yubikey.

[theoisadoor]

I've just tested on Win11 22H2 22621.4317 and exact same issue again, will not work unless elevated. I've pointed Yubico support towards this issue thread and hopefully they can investigate/resolve with Microsoft.