search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
21.39k stars 1.48k forks source link

(KeePassXC 2.7.9) HMAC-SHA1 Challenge Response causes DB to Malfunction #11487

Closed chamele0n1c closed 12 hours ago

chamele0n1c commented 12 hours ago

Overview

So I configured HMAC-SHA1 challenge response on one of my YubiKey 5C slots & added it for additional security to my KDBX 4 DB. After doing so, when I went back to the DB Security options and changed nothing & tried to exit I was greeted with a windows saying "No password set", the body of which was "WARNING! You have not set a password. Using a database without a password is strongly discouraged!". I was like "huh?" so I ignore it and go figure, it literally unset my master key. I double verified by doing it again & removing my challenge response and tried to exist and got greeted with "You must set at least one encryption key..."

Steps to Reproduce

  1. Database -> Database Security -> Security -> Challenge Response
  2. Add YubiKey 5C FIPS Slot 2 configured for HMAC-SHA1
  3. Click on OK
  4. Greeted with "WARNING! You have not set a password. Using a database without a password is strongly discouraged!"

Expected Behavior

My master key shouldn't be unset by adding a challenge-response

Actual Behavior

My Master Key (password) gets removed when adding my YubiKey

Context

DEBUG INFO

KeePassXC - Version 2.7.9 Revision: 8f6dd13

Qt 5.15.11 Debugging mode is disabled.

Operating system: Windows 11 Version 2009 CPU architecture: x86_64 Kernel: winnt 10.0.22631

Enabled extensions:

Cryptographic libraries:

Operating System: Win11 Pro (x64) 23H2 22631.4460 Desktop Env: N/A Windowing System: N/A

droidmonkey commented 12 hours ago

This has been fixed for next release. https://github.com/keepassxreboot/keepassxc/pull/11001