Closed GoogleCodeExporter closed 8 years ago
I was going to file a separate bug report, but I think this may actually be the
same issue:
When the timeout is reached and Keepassdroid locks the database, if I switch
back to the app (by long-pressing home and using the app switcher), the master
password will still be entered in the password box, and I only have to press
"ok" to unlock the database again. This of course completely defeats the
purpose of the timeout and massively compromises the security of the database.
This is consistently reproduceable; it happens every time.
Original comment by mrtorr...@gmail.com
on 20 Nov 2011 at 11:40
That sounds like the issue I was having but could not consistently reproduce.
Both of these issues are still present, currently I ensure that when I am done
with the database I clear the password field, but that is a poor solution.
Original comment by teamd...@pbarletta.com
on 21 Nov 2011 at 4:16
I've got the same problem and i've investigated it a little bit more: the
password is not cleared, when the Keepassdroid in background is killed. So, to
reproduce:
1. log in to database
2. switch to main screen or any other application
3. kill keepassdroid (for example using 'Advanced task killer')
4. run keepassdroid, password will be filled; check 'show password' and voila -
you can read your password
The point is that android can kill background applications when it is running
out of memory, so the issue was hard to reproduce - i think you've left app in
background and very rarely it was killed by the system...
My phone: HTC Wildfire with Cyanogenmod 7.
Original comment by M.Kosew...@gmail.com
on 4 Dec 2011 at 11:27
I am experiencing similar problems. This should be higher than medium as it
renders the app useless in terms of protecting account information.
Versions
1.9.5
cm 7.1.0 selfkang sensation
Original comment by she...@gmail.com
on 12 Dec 2011 at 3:29
I have the same problem. The password field does not clear once the db is
unlocked. Even days later when I rerun the app the password field contains the
password.
Version 1.9.9
HTC Desire CM 7.1 and now CM 7.2 RC1
Original comment by bweiber...@googlemail.com
on 21 Mar 2012 at 8:19
Also seeing both manifestations of this problem. Hoping for a fix as this
seems a glaring security. hole to me - ironic for a security app.
Original comment by maynar...@gmail.com
on 9 Sep 2012 at 1:07
Issue 403 has been merged into this issue.
Original comment by bpel...@gmail.com
on 12 Sep 2012 at 3:38
Issue 382 has been merged into this issue.
Original comment by bpel...@gmail.com
on 12 Sep 2012 at 4:56
This should be fixed in 1.9.17.
Original comment by bpel...@gmail.com
on 12 Sep 2012 at 5:04
Issue 321 has been merged into this issue.
Original comment by bpel...@gmail.com
on 12 Sep 2012 at 5:07
Issue 354 has been merged into this issue.
Original comment by bpel...@gmail.com
on 12 Sep 2012 at 5:07
Thanks!
Original comment by bruce.a....@gmail.com
on 13 Sep 2012 at 6:58
[deleted comment]
[deleted comment]
Unfortunately, issue with pre-filled master-password after task-killing
KeePassDroid is still reproducible:(
Samsung Galaxy Ace [Android 2.3.6]
KeePassDroid 1.9.18.1.
Original comment by pratt...@gmail.com
on 14 Sep 2012 at 11:22
Issue 437 has been merged into this issue.
Original comment by bpel...@gmail.com
on 2 Feb 2013 at 6:16
Original issue reported on code.google.com by
teamd...@pbarletta.com
on 6 Aug 2011 at 8:13