Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Caution when using {NEWPASSWORD:/Profile/}

2014-07-19
2014-07-21
  • bTb3Gc7hFpxjs
    bTb3Gc7hFpxjs
    2014-07-19

    Hi all,

    First I love this version with many useful changes a lot

    Second I tell you my case when changing my password with {NEWPASSWORD:/Profile/}

    • I created profile password name "s30" with pattern S{30}
    • My current password: D#|RpGo{E^7ST_a{I6j3|n{:bI)qg{
    • When I generate new password with {NEWPASSWORD:/s30/}, it type vywQ4{8o4[MnBxAW*.KT1/cTgh.lq2 but when I view that entry password field, it show vywQ4{{}8o4{[}MnBxAW*.KT1/cTgh.lq2
      It auto change

    • + to {+}

    • % to {%}
    • ^ to {^}
    • ~ to {~}
    • (, ) to {(}, {)}
    • [, ] to {[}, {]}
    • {, } to {{}, {}}

    It cause the new password wrong when log in with auto-type

    You can test with notepad

     
  • wellread1
    wellread1
    2014-07-19

    I also observe the behavior described above i.e. When the new password contains certain characters, the password auto-typed is different than that entered in the password field. Certain characters are enclosed in brackets '{}', and the password entered in the password field is longer than specified by the profile by 2 times the number of characters enclosed by brackets.

     
    Last edit: wellread1 2014-07-19
  • bTb3Gc7hFpxjs
    bTb3Gc7hFpxjs
    2014-07-20

    I cannot log on after change password. I wonder WHY? Try to reset password many times. Try to drag and drop. But all failed. Double check again & found that. So I must exclude some special characters in my password profile.

     
  • wellread1
    wellread1
    2014-07-20

    It is important to not continue auto-typing using any sequence that includes the NEWPASSWORD placeholder, it has a bug (which you have reported above).

    Normally when you change a password you must confirm the new password. Did you change the password successfully? If you were not successful, then the password is still the old password. If you were successful, then depending on how you changed the password it is probably either the password that is in the password field, or the one that was auto-typed. However if you have auto-typed repeatedly using the NEWPASSWORD field, then the new password might be found or reconstructed from the history, provided that you haven't auto-typed so many times that the history depth has been exceeded. You must not continue to auto-type using the NEWPASSWORD placeholder.

    Can you describe exactly the process you used to change the old password and confirm the new password? Did you use an auto-type sequence? If so what was the sequence?

     
  • Dominik Reichl
    Dominik Reichl
    2014-07-20

    Thanks for reporting this issue! I've fixed it now (the raw new password is now stored in the entry, not its corresponding auto-type sequence).

    Here's the latest development snapshot for testing:
    http://keepass.info/filepool/KeePass_140720.zip

    Best regards,
    Dominik

     
    • bTb3Gc7hFpxjs
      bTb3Gc7hFpxjs
      2014-07-20

      Thanks for reporting this issue! I've fixed it now (the raw new password is now stored in the entry, not its corresponding auto-type sequence).

      Here's the latest development snapshot for testing:
      http://keepass.info/filepool/KeePass_140720.zip

      Best regards,
      Dominik

      Thanks man.

      checksums for that file

      • MD5: 5C3145EBF9A0350C62DE276ECD0E9D3D
      • SHA-1: 27903E13E0DE691147DEE534AA164613B897A019

      PS: My previous post with attachment & some links sharing that attachment is lost.

       
      Last edit: bTb3Gc7hFpxjs 2014-07-20
  • Paul
    Paul
    2014-07-20

    PS: My previous post with attachment & some links sharing that attachment is lost.

    Some posts are dropped into the moderation queue, yours was one of them. As there were multiple attachments from different sources with no description I didn't allow it through. Please describe your attachments in detail so others understand what they relate to.

    cheers, Paul

     
  • bTb3Gc7hFpxjs
    bTb3Gc7hFpxjs
    2014-07-21

    Some posts are dropped into the moderation queue, yours was one of them. As there were multiple attachments from different sources with no description I didn't allow it through. Please describe your attachments in detail so others understand what they relate to.

    cheers, Paul

    Thanks Paul

    Can you describe exactly the process you used to change the old password and confirm the new password? Did you use an auto-type sequence? If so what was the sequence?

    I captured all my process in attachment (images are sorted by timestamp)

     
    Last edit: bTb3Gc7hFpxjs 2014-07-21
    Attachments