#2101 KeePass leaks password to screen when auto-type incorrect

KeePass_2.x
closed
nobody
5
2021-10-05
2021-10-05
No

I mistakenly thought that the SHIFT modifier for auto-type was to be used like this:
{+TAB} instead of +{TAB}

I performed an auto-type with the erroneous configuration above. KeePass popped up a dialog displaying my auto-type configuration. It had replaced the {USERNAME} and {PASSWORD} with my actual username and password, in full view on the dialog (see attached).

I feel the {USERNAME} and {PASSWORD} should not undergo any text replacement when showing this dialog. It should be left as tags. Or at the very least they should be masked.

KeePass 2.49 (64-bit)

1 Attachments

Discussion

  • Paul

    Paul - 2021-10-05

    This is not a bug because KeePass can't know where you want details to be typed or what characters you want along with them.
    It is up to you to get the configuration correct so that the details go where you want them.

    cheers, Paul

     
  • Adam Tsiopani

    Adam Tsiopani - 2021-10-05

    I agree fully with your statement, but I disagree that it applies in this context.

    Not a bug:
    I misconfigured Auto-Type and it resulted in my password being visible in the address bar of Chrome instead of the password box.

    A bug:
    I used the wrong tag format for KeePass. It didn't validate my tags when I saved the configuration. If it did, it could have warned me that {+TAB} is an invalid tag. It attempted to use these tags when I performed auto-type. The resulting dialog box that popped up has the title of "KeePass" (it's produced by KeePass, not the application I'm typing into). If I try to perform the erroneous auto-type on ANY Windows application, I get the same error dialog from KeePass.

    KeePass is stating that the tag is unsupported. It should perform this check when I create the tag. Alternatively it can do it when I try to use it, but it shouldn't leak my password into its own dialog on screen. It should use the unparsed version of the auto-type to display the error msg.

     

    Last edit: Adam Tsiopani 2021-10-05
  • Dominik Reichl

    Dominik Reichl - 2021-10-05
    • status: open --> closed
    • Priority: 2 --> 5
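
The two changes requested in this ticket (reject an unsupported placeholder when the sequence is saved, and build the error message from the unparsed sequence) can be sketched as below. This is an added example, not KeePass code and not part of the ticket; the placeholder subset, the function names and the sample entry are assumptions constructed for illustration.

```python
import re

# Assumption: a small subset of auto-type placeholders, enough for the demo.
KNOWN = {"USERNAME", "PASSWORD", "TAB", "ENTER"}
SECRET = {"USERNAME", "PASSWORD"}
TOKEN = re.compile(r"\{([^{}]*)\}")
ENTRY = {"USERNAME": "alice", "PASSWORD": "correct horse"}  # constructed sample


def validate(template):
    """Save-time check: return the unsupported {...} tokens in a raw sequence."""
    return [m.group(0) for m in TOKEN.finditer(template)
            if m.group(1).upper() not in KNOWN]


def expand(template, entry):
    """Substitute entry fields; every other token is left as written."""
    def sub(m):
        name = m.group(1).upper()
        return entry[name] if name in SECRET else m.group(0)
    return TOKEN.sub(sub, template)


def leaky_auto_type(template, entry):
    """Model of the reported behaviour: the error quotes the expanded text."""
    bad = validate(template)
    if bad:
        return False, "Unsupported: %s in %s" % (", ".join(bad),
                                                 expand(template, entry))
    return True, expand(template, entry)


def run_auto_type(template, entry):
    """Validate first; on failure quote only the template the user typed,
    so no field value can reach the dialog. Returns (ok, text)."""
    bad = validate(template)
    if bad:
        return False, "Unsupported: %s in %s" % (", ".join(bad), template)
    return True, expand(template, entry)
```

Calling `validate` when the sequence is saved surfaces `{+TAB}` before any auto-type is attempted; `run_auto_type` covers the case where an invalid sequence is already stored.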
     
