#1910 Windows Security Credentials not triggered

KeePass_2.x
closed
nobody
uac (1) login (1)
5
2014-08-16
2014-08-08
Kaxudb
No

Windows security credentials is not triggered by any regex that keepass supports.

It triggers with either *, //Windows.?Security// or just //Windows Security// but it also triggers at every other input fields as well. Windows UAC mechanics includes this title on every window so it cannot be done by a simple regex field.

This requires fixing because this is available at login, user switching, run as <user> etc and it is very important.

Discussion

  • Paul

    Paul - 2014-08-08

    What do you mean "not triggered"? Please provide a step by step example so we can test / replicate.

    cheers, Paul

     
  • Kaxudb

    Kaxudb - 2014-08-08

    You can get the windows credentials window by selecting run as different user on an executable.

    In keepass I created an entry, filled username and password fields and left URL empty.
    Then in the auto-type tab I added a custom sequence for specific windows: //Windows.?Security//

    The problem is that it auto-fills the data in the security credentials window but it also fills in every otther window as well (browser, apllications, everything). I cannot make this entry work ONLY for that credential window.

     
  • Paul

    Paul - 2014-08-09

    Works fine for me with by choosing "Windows Security" from the Target window drop down and by typing it manually. No need for a regex.
    What other credential fields does it fill?

    cheers, Paul

     
  • Kaxudb

    Kaxudb - 2014-08-09

    Yes, I know it works but it also works for all websites in firefox and some applications such as yahoo messenger.

     
  • wellread1

    wellread1 - 2014-08-09

    it also works for all websites in firefox and some applications such as yahoo messenger.

    You have defined your auto-type Target Window too broadly. If you defined your auto-type correctly it will only auto-type when the term "Windows Security" is actually in the window title (e.g. browser tab title). Since "Windows Security" is not a term commonly found in browser tab titles in firefox or yahoo messenger, what you describe won't happen if you have configured auto-type correctly.

    If you are having a problem with your matching criteria being too permissive, use the complete Target Window Title only. Do not use regular expressions or wild cards in your auto-type sequences. Remove all problem auto-type sequences that contain regular expressions or wild cards (e.g. remove all instances of //Windows.?Security//). Relax this restriction only after you have demonstrated that the more restrictive matching won't unexpectedly auto-type.

    To see the complete Window Title in KeePass, add a temporary KeePass entry while the "Windows Security" dialog is open, select the entry's Auto-Type tab, press the add button, and from the Target window field drop-down menu view the Window Titles of open windows.

     
    Last edit: wellread1 2014-08-09
  • Kaxudb

    Kaxudb - 2014-08-09

    What are you talking about?

    All entries in my database use only the URL field as a match. The only entry that uses auto-type target is this login entry. Everything else is left by default.

    I tried it without regex, only using Windows Security and it still matched everything.

     
  • Kaxudb

    Kaxudb - 2014-08-09

    To see the complete Window Title in KeePass, add a temporary KeePass entry while the "Windows Security" dialog is open, select the entry's Auto-Type tab, press the add button, and from the Target window field drop-down menu view the Window Titles of open windows.

    I can see that you are very skilled. The credential window will not appear in the drop-down because it is not a regular window.

     
  • wellread1

    wellread1 - 2014-08-09

    I am not sure what "Credential Window" dialog you are referring to, but it is certainly possible to auto-type into most of the native Windows Security dialogs. There are a few rare instances where KeePass can not auto-type into a dialog e.g.:

    • If the dialog does not have a Window Title. In this case it should be possible to use Perform Auto-Type (Ctrl-V), or Copy and Paste, instead the global auto-type hot key (default Ctrl-Alt-A).
    • If the dialog is displayed on the secure desktop. Copy & Paste works provided the clipboard is populated prior to invoking the Secure dialog. Otherwise credentials must be entered manually because no other operations are allowed.
    • If the dialog is the "User Account Control" dialog. It seems likely that global hot keys are disabled when this dialog is displayed. Copy & Paste works, Ctrl-V may work but the focus does not always return to the the User Account Control dialog correctly.

    Note: When checking for a Window Title using the method I described above, the dialog must be an active window before pressing the 'Add' button.

    All entries in my database use only the URL field as a match.

    KeePass auto-type does not match URLs in the address bar of a browser. It can only match a "URL" if it is posted to the Window Title (browser tab title). The KeePass settings 'An entry matches if its URL is contained in the target window title' and 'An entry matches if the host component of its URL is contained in the target window title' are used in conjunction with URL in Title Bar browser extensions that post the URL or hostname in the Window Title (browser tab title) where KeePass can check for a match.

    Some Integration & Transfer plugins add URL matching capabilities, but this is not a native KeePass capability.

    I tried it without regex, only using Windows Security and it still matched everything.

    Then a different auto-type, possibly in a different entry, is matching everything.

    Try disabling the auto-type for the entry that you think is matching. Edit the entry, select the Auto-Type tab, un-check 'Enable auto-type for this entry'. Try auto-type again. If an auto-type occurs it is occuring from a different entry.

     
    Last edit: wellread1 2014-08-09
  • Kaxudb

    Kaxudb - 2014-08-09

    I just remember that I had an entry matches if its title is contained in the target window title. When I uncheck it, everything works fine.
    Please accept my apologies for starting this ticket and thanks for all your help.

    I am not sure what "Credential Window" dialog you are referring to

    http://www.neowin.net/images/uploaded/windows-credentials-after-vault.png
    It's the UAC prompt for windows username and password.
    Would you please explain why it works the way it does with the above option checked?

     
    Last edit: Kaxudb 2014-08-09
  • wellread1

    wellread1 - 2014-08-09

    When 'an entry matches if its title is contained in the target window title' is checked, KeePass checks to see if the KeePass Entry Title is contained in the Window Title (wild cards on the entry Title are implied). If you have an entry whose Title is contained in many browser titles then it will auto-type in many browser windows (e.g. A KeePass entry title of '-' (without the quotes) will auto-type into all browser windows because '-' is present near the end of every browser title e.g. '- Mozilla Firefox').

    While the option is convenient because very little auto-type configuration is required, accidental matches can cause auto-type issues that are tedious to debug.

    For additional information about auto-type, review the KeePass Auto-Type help page and practice different methods of matching window titles on the KeePass Auto-Type test page.

     
    Last edit: wellread1 2014-08-09
  • Paul

    Paul - 2014-08-10

    I always have "an entry matches if its title is contained in the target window title" ticked and do not see the results you get.
    What is the Title of the entry that seems to match everything?

    cheers, Paul

     
  • Kaxudb

    Kaxudb - 2014-08-10

    What is the Title of the entry that seems to match everything?

    The title was login. Which explains why some sites worked correctly.

     
  • Paul

    Paul - 2014-08-11

    A Title of "login" will match a lot of sites so I'm not surprised you had problems. Try changing it to "Windows Security" and re-tick "an entry matches if its title is contained in the target window title".

    cheers, Paul

     
  • Dominik Reichl

    Dominik Reichl - 2014-08-16
    • status: open --> closed
    • Priority: 9 --> 5
     

Log in to post a comment.