search

suhadzain / keepassdroid

Automatically exported from code.google.com/p/keepassdroid
0 stars 0 forks source link

Possibility to guess a password if russian cyrillic is used as a password #806

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Create KeePass database in Android, used password "эээээ"
2. Opened the same database, used password "абвгд"
3. KeePass database is unlocked.

Couldn't found a problem listed here.
This is some serious defect in implementation, as it provides the possibility 
to crack a database, if a person had a russian-language password and 
hypothetical hacker guessed the amount of symbols. Though, desktop version 
doesn't have that trouble.

What version of the product are you using? On what operating system?
2.0.3, Android 4.1.2

Original issue reported on code.google.com by jugg.map...@gmail.com on 1 Aug 2015 at 10:48

GoogleCodeExporter commented 8 years ago 
Forgot to attach the database.
Used any 5-letter cyrillic password and it still worked.

Original comment by jugg.map...@gmail.com on 1 Aug 2015 at 10:52

Attachments: