Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shared database is overwritten (not merged) when configured with challenge-response with yubikey #9111

Closed
krikk opened this issue Feb 14, 2023 · 1 comment
Closed

shared database is overwritten (not merged) when configured with challenge-response with yubikey #9111

krikk opened this issue Feb 14, 2023 · 1 comment
Labels
bug duplicate feature: Hardware Keys

Comments

@krikk
Copy link

krikk commented Feb 14, 2023

Overview

user1 and user2 open a shared keepass file (on a UNC Path), which is protected with password + challenge-response (yubikey)

Steps to Reproduce

  1. user1 opens file with yubikey plugged
  2. user2 opens file with yubikey plugged
  3. user2 leaves keepassxc open but unplugs the yubikey (he goes on lunch break, keeps workstation and keepassxc running)
  4. user1 adds an entry to the shared keepass file
  5. the keepassxc process on user2 workstation tries to reload the keepass file, but fails to do so, because yubikey is missing
  6. user2 returns from break and re-plugs yubikey (but does not change anything)
  7. user2 closes keepass database (user gets NO warning prompt or anything) -> file seems to be saved automatically on close

-> BOOM user2 overwrites the change of user1, the entry from user1 is lost!

Expected Behavior

keepassxc should check for changes on the filesystem on every save?

Actual Behavior

user2 overwrites the change of user1, the entry from user1 is lost!

Context

if the user2 in step6 does not replug the key, he will get a warning about saving changes on closing keepassxc

screen after step 5:
image

screen the user2 sees before closing keepassxc (before step 7):
image

KeePassXC - Version 2.7.4
Revision: 63b2394

Qt 5.15.6
Diagnosemodus ist deaktiviert.

Betriebssystem: Windows 10 Version 2009
CPU-Architektur: x86_64
Kernel: winnt 10.0.19045

Aktivierte Erweiterungen:

  • Auto-Type
  • Browser-Integration
  • SSH-Agent
  • KeeShare
  • YubiKey
  • Schnelle Entsperrung

Kryptographische Bibliotheken:

  • Botan 2.19.1

my keepassxc.ini:

[General]
ConfigVersion=2
UpdateCheckMessageShown=true
AutoTypeHideExpiredEntry=true
OpenPreviousDatabasesOnStartup=false
AutoSaveAfterEveryChange=true
BackupBeforeSave=false
UseAtomicSaves=false
FaviconDownloadTimeout=3
GlobalAutoTypeKey=65
GlobalAutoTypeModifiers=201326592
BackupFilePathPattern={DB_FILENAME}-{TIME:yyyy-MM-dd_HH-mm-ss}.kdbx

[GUI]
CheckForUpdates=false
TrayIconAppearance=monochrome
ShowExpiredEntriesOnDatabaseUnlock=false
HidePasswords=true
AdvancedSettings=true
HidePreviewPanel=true
CompactMode=false
ApplicationTheme=classic

[Security]
LockDatabaseScreenLock=false
EnableCopyOnDoubleClick=true
AutotypeAsk=false
ClearClipboardTimeout=15
PasswordsRepeatVisible=false
IconDownloadFallback=true
ClearSearch=false

[Browser]
CustomProxyLocation=
Enabled=true
BestMatchOnly=false
SearchInAllDatabases=true
AlwaysAllowAccess=true

[SSHAgent]
UsePageant=true
UseOpenSSH=false
Enabled=true
@krikk krikk added the bug label Feb 14, 2023
@droidmonkey
Copy link
Member

Always lock your database when you unplug your yubikey.... until #5290 is fixed

@droidmonkey droidmonkey closed this as not planned Won't fix, can't repro, duplicate, stale Feb 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug duplicate feature: Hardware Keys
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@droidmonkey @krikk