Possible bug, exporting shows a non-secure password box

Anonymous
2013-10-11
2013-10-22
  • Anonymous - 2013-10-11

    When unlocking, KeePass usually shows a secure desktop UI, similar to UAC, which unloads any hooks keyloggers might have put on the keyboard filter. This is useful for unlocking, but it is not done when exporting. Even if it is secure when unlocking, if a user exports one or more entries, a keylogger that is active can record the master password.

     
  • Paul

    Paul - 2013-10-11

    To export you must have unlocked KeePass. Where in this scenario is the master password requested?

    cheers, Paul

  • Anonymous - 2013-10-19

    If a hidden keylogger is present, it's safe when the database gets unlocked, but if some entries are exported the password gets recorded when the master password box shows up on pressing export.

  • Paul - 2013-10-20

    I don't have the master password box showing on export. Please describe exactly how to replicate this.

    p.s. If you have a key logger installed your passwords are already lost. KeePass cannot protect you on a compromised machine.

    cheers, Paul

  • wellread1 - 2013-10-20

    A Master Key dialog box (repeat) is shown if Tools>Options>Policy(tab): Export - No Key Repeat* is unchecked. The dialog box is not presented on a secure desktop.

    Emm:
    As Paul pointed out, if your computer becomes compromised all normal operations are likely unsafe.

    Last edit: wellread1 2013-10-20
  • Anonymous - 2013-10-21

    @wellread1, alright, so the option is to not use the Master Key dialog box on export at all, instead of making all Master Key dialog boxes show in secure desktop mode?

    @Paul, I'm not referring to my own computer, I'm referring to a general case. If I used the portable version of KeePass and ran it on a public computer from a flash drive, in order to minimize the risk when dealing with tampered computers, a hidden keylogger would only get the data I put out in the web forms, not the whole database. If the user who installed the keylogger later detects my KeePass and decides to add database copying routines to snatch the files, and if the master password is not secured, he can use it along with the snatched database files to gain access to all the data. Note, the data put out publicly is of no big concern; KeePass is here mostly for the convenience of not having to type and remember all the minimal-importance login data.

    The other solution, besides not using an insecure Master Key dialog box, would be to just use a public database separate from a private database which I shouldn't access on public computers?

    Alright then...

  • wellread1 - 2013-10-21

    wellread1, alright, so the option is to not use the Master Key dialog box on export at all, instead of making all Master Key dialog boxes show in secure desktop mode?

    That would help prevent a key logger from capturing the Master Key on a compromised computer. You could submit a feature request (not a bug report) that the Master Key dialog be displayed on a secure desktop when a Repeat Master Key event occurs and "Enter Master Key on secure desktop" option is checked.

    The other solution, besides not using an insecure Master Key dialog box, would be to just use a public database separate from a private database which I shouldn't access on public computers?

    Personally, I would do my utmost to avoid using or exposing sensitive information on a public computer. A two database solution seems reasonable.

  • wellread1 - 2013-10-21

    Deleted double post.

    Last edit: wellread1 2013-10-21
  • Paul - 2013-10-22

    I've found the option to require the master key to export. I thought I knew most of the bits, but obviously not.

    Having thought a bit more about your request I can't see any reason to change the current behaviour. You should never be exporting KeePass data on a compromised computer so changing the behaviour is implicit agreement that you should do something very insecure. If your "secure" computer has a key logger it's no longer your computer (1st law of computer security).

    cheers, Paul
