Menu

Password re-encrypt due to multiple users with different version

Open Discussion
Antho Francoi
2022-09-23
2022-09-28

  • Antho Francoi

    Antho Francoi - 2022-09-23

    Hello,

    We are multiple user sharing one Keepass DB.
    Entry can be added / edited by any user, then shared to our group.

    Each user work on the DB this way
    - Retrieve the last DB version
    - Edit the DB and save (manually or via script : https://pypi.org/project/pykeepass/ )
    - Share the DB to the group.

    Description :
    At one point, a user had to make a manual edit to the DB (mean he downloaded, opened the DB in the software V2.46, edited, saved and shared).
    The next user (V2.51.1) had no issue to open the DB. Everything was fine at this point (even the password). But after this second user edited and saved, every password from every entry in the DB get encrypted in an unknown format (we weren't able to decrypt them to retrieve the original). Fortunatly, we had a backup. So we lost nothing.

    We investigate the issue and noticed that this was linked to the first user old version.
    Multiple users tried to make the "manual edit" (same action) with no issue.
    But everytime the v2.46 user did it, the DB password gets all messed up after another user make a second edit.

    Updating this user old keepass version to the newest solved the issue.
    Note that this same user had no issue when making edit trough the script (we suppose that it's because the script make modification to the DB but without using the keepass software).

    I report it in case other use keepass DB in a group as if we didn't had a backup, we would have lost every password in the DB.

    Best regards

     

  • ReadyPlayerOne

    ReadyPlayerOne - 2022-09-25

    Keepass database shouldn't be used in group as you found out if others don't update to latest it will mess up the database for others users. And keepass isn't setup for multiple users and you will have this same issue again. Is there a reason why users can't keep their own database and manually update the password. What's happening here will be problematic going forward regardless.

     

  • Antho Francoi

    Antho Francoi - 2022-09-26

    Hello,
    Thanks for the answer.
    The reason was to make a file everyone could download and get all the update at once without forgetting one. We tought it was a simple way to do it.
    But we will find another way to manage these.
    Thanks ;)

     

  • Paul

    Paul - 2022-09-28

    Are you able to create a test database that is corruptible as you describe and post it here? It may be useful to work out why this happens.

    Does the 2.46 user have any plug-ins?

    cheers, Paul

     

Log in to post a comment.