search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
20.81k stars 1.44k forks source link

"Don't ask before performing Auto-Type" causes password leak #9238

Open oficsu opened 1 year ago

oficsu commented 1 year ago

Overview

In short: disabling "Always ask before performing Auto-Type" combined with "Global Auto-Type sequence" is EXTREMELY DANGEROUS and causes filling of wrong credentials to login forms or an unintended leak of credentials to wrong places (e.g. google search/messengers/etc...)

Isn't this behavior expected from the checkbox name?

Absolutely not! I disable this option to prevent the appearance of a very annoying confirmation dialog when I use "Perform Auto-Type" per-entry (ctrl+shift+v). In this (completely unrelated) case, the behavior is expected and desired

But at the same time, I don't expect this option should somehow affect "Global Auto-Type shortcut" behavior, because it's... global and should always be followed by a dialog with a list of passwords/usernames

Steps to Reproduce

  1. (optionally) prepare a clean environment and create a new database;
  2. configure any suitable "Global Auto-Type shortcut";
  3. turn off "Always ask before performing Auto-Type";
  4. create an entry with the following title: firefox (or just f);
  5. open Firefox browser and focus on the address bar (for example);
  6. perform Auto-Type with the shortcut

Expected Behavior

A dialog window with a list of usernames and passwords is appeared

Actual Behavior

An Auto-Type sequence is performed immediately. There is no way to select another username, password or specific Auto-Type sequence. Instead, credentials of the entry with the title f/firefox are sent to the default search engine (e.g. google)

The same behavior with any login field in the browser. Sometimes this also happens with the Firefox add-on and "Request Global Auto-Type" shortcut configured via the Firefox add-on manager

Context

KeePassXC - Version 2.7.4 Revision: 63b2394

Browser: Firefox 110.0 KeePassXC-Browser Version: 1.8.5.1

Operating System: Manjaro Linux CPU architecture: x86_64 Kernel: linux 6.1.12-1-MANJARO

KDE Plasma Version: 5.26.5 Windowing System: X11

droidmonkey commented 1 year ago

Hmmmmm.... extremely dangerous, I disagree. Entry level auto type without confirmation is dangerous, which is why we added that prompt for confirmation. I do agree we should probably separate the functionality of that checkbox between global and entry level Auto-Type.

What is also dangerous is combining the enablement of the first two checkboxes for title and url matching with disablement of confirmation.

oficsu commented 1 year ago

Entry level auto type without confirmation is dangerous

I think it's hard enough to perform Auto-Type with a shortcut or context menu accidentally, so... yes, that might be dangerous, but the confirmation dialog doesn't help you to see the mistake: neither information about the selected entry nor about the previously active window is in the dialog. That's the reason I've disabled the checkbox: it simply doesn't help me

Anyway, yes, I totally agree that the functionality of the checkbox should be separated