Hi all,
i have found a security issue. I am using a MacBook with Parallels Desktop. In Parallels i have a Windows 8 VM with Keepass 2.30.
If i copy a password from Keepass in that VM, i can paste the password in the host operating system Mac OS without any problems (sharing clipboard feature, nothing exciting).
But...if the countdown is over and Keepass erases the password from clipboard, the password is still existing in the clipboard of the host operating system Mac OS. I think - i am not a programmer - that could be easily solved if a empty string would be copied into the clipboard to erase it instead of using a special eraste api method? ...because Parallels Desktop only recognize a "copy" operation. This would be offer more compatibility with other programs like Parallels, VMWare and so on and solves this security issue.
The workaround currently is to manually copy - after every password copy operation - an empty string from a simple notepad or whatever in the VM so that Parallels checks the event and delete the clipboard in the host operating system as well. But this is very inconvenient.
I think this problem is existing in VM Ware as well or in virtual box.
What do you think?
Best regards
KeePass can't do anything about clipboards copied outside the KeePass environment, so it's not a bug in KeePass.
The good thing is an attacker is unlikely to know where the password came from, unless they have physical access to your machine, in which case all bets are off.
cheers, Paul
Last edit: Paul 2015-10-21
True, but there are many instances where KeePass makes accommodations for shortcomings in other people's code (can you say "mono"?), so I don't see any reason why KeePass can't be adapted to close this loophole as well. Of course, ultimately it's Dominik's decision, not ours.
The clipboard is effectively outside the machine KeePass is running on, so I can't see that it's possible for KeePass to do anything.
cheers, Paul
Based on the OP's description of the problem, it seems like using an explicit copy of an empty string (or a something like a single space) to the clipboard as part of the clearing operation would cause the host machine to act properly.
Then again, if the host machine is running some sort of enhanced clipboard manager program that allows multiple clips to be saved and reused, even this might not be sufficient - but that's an exception to an exception, and not enough IMO to keep this minor change to KeePass from being worthwhile.
Okay, bug or not, this behaviour acts with Keepass and users do have the problem with Keepass and the question is, why not improving Keepass and solve this small issue? :)
Very simple solution: do this, what Keepass does for copying the password with e.g. an empty string or whatever. And then....everything works fine. One line of code BEFORE or AFTER the general erase method with the countdown to finalize the obliteration.
And et voila, the very cool program Keepass is a little bit better than before...and more safe ;)
Last edit: IHSM 2015-10-21
Attempting to fool the clipboard by copying a space to it before erasing is a worthwhile proposal.
cheers, Paul
I've added this now. Before trying to clear the clipboard, KeePass now copies "--" into it.
Here's the latest development snapshot for testing:
http://keepass.info/filepool/KeePass_151118.zip
Moving to closed feature requests.
Thanks and best regards,
Dominik
Ticket moved from /p/keepass/bugs/1437/