Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#1810 PASSWORD_ENC placeholder doesn't substitute placeholders in password field

KeePass_2.x
closed
nobody
None
5
2014-01-07
2014-01-06
Nusqesse
No

If the PASSWORD field has a placeholder, in particular one like:
{REF:P@T:MyReusedPassword}
then the URL
cmd://"{APPDIR}\KeePass.exe" "{USERNAME}" -pw:"{PASSWORD}" -keyfile:"{S:KeyFile}"
successfully opened the KeePass file {USERNAME} but
cmd://"{APPDIR}\KeePass.exe" "{USERNAME}" -pw-enc:"{PASSWORD_ENC}" -keyfile:"{S:KeyFile}"
failed.
Also, after replacing the password field with a literal password instead of "REF:P@T:MyReusedPassword}" then the URL
cmd://"{APPDIR}\KeePass.exe" "{USERNAME}" -pw-enc:"{PASSWORD_ENC}" -keyfile:"{S:KeyFile}"
successfully opened the KeePass file.

I assume from these observations that placeholder substitution is not being correctly performed on the password field before it is encrypted to replace the {PASSWORD_ENC} placeholder.

The temporary workarounds are obviously to not use placeholders in the password field or the less secure option of using the command line option "-pw:{PASSWORD}" instead of "-pw-enc:{PASSWORD-ENC}".

Discussion

  • Nusqesse
    Nusqesse
    2014-01-06

    And btw, this is in KeePass 2.24 on Windows 7.

     
  • Dominik Reichl
    Dominik Reichl
    2014-01-06

    I like your suggestion and have now added Spr-compilation support for the {PASSWORD_ENC} placeholder.

    Here's the latest development snapshot for testing:
    http://keepass.info/filepool/KeePass_140106b.zip

    Moving to closed feature requests.

    Thanks and best regards,
    Dominik

     
  • Dominik Reichl
    Dominik Reichl
    2014-01-06

    • status: open --> closed
     
  • Dominik Reichl
    Dominik Reichl
    2014-01-06

    Ticket moved from /p/keepass/bugs/1201/

     
  • Nusqesse
    Nusqesse
    2014-01-07

    Thanks Dominik - I tested the development snapshot and it fixes the problem.