"Weak password" warning incorrectly shown after adding (or removing) a key file from database #10723
Comments
A few of my additional findings:
I suspect that it comes down to this: keepassxc/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp Lines 181 to 205 in da90319
To my surprise, diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp b/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
index 1de8e6a9..0c26bccb 100644
--- a/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
+++ b/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
@@ -178,7 +178,8 @@ bool DatabaseSettingsWidgetDatabaseKey::save()
}
// Show warning if database password is weak
- if (!m_passwordEditWidget->isEmpty()
+ bool isNewPasswordDirty = !m_passwordEditWidget->isEmpty() && m_passwordEditWidget->visiblePage() == KeyComponentWidget::Page::Edit;
+ if (isNewPasswordDirty
&& m_passwordEditWidget->getPasswordQuality() < PasswordHealth::Quality::Good) {
auto dialogResult = MessageBox::warning(this,
tr("Weak password"),
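Review bot: the added `isNewPasswordDirty` line infers "the user is changing the password" from which page of the widget is showing, and the name suggests a change-tracking check that it does not perform. Declare it `const bool`, break the long line, and either rename it (for example `isEditingPassword`) or add a comment stating why `visiblePage() == KeyComponentWidget::Page::Edit` is the right signal. The line also assumes `visiblePage()` and `KeyComponentWidget::Page::Edit` are reachable from this class, which these hunks do not show.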
@@ -195,7 +196,7 @@ bool DatabaseSettingsWidgetDatabaseKey::save()
// If enforced in the config file, deny users from continuing with a weak password
auto minQuality =
static_cast<PasswordHealth::Quality>(config()->get(Config::Security_DatabasePasswordMinimumQuality).toInt());
- if (!m_passwordEditWidget->isEmpty() && m_passwordEditWidget->getPasswordQuality() < minQuality) {
+ if (isNewPasswordDirty && m_passwordEditWidget->getPasswordQuality() < minQuality) {
MessageBox::critical(this,
tr("Weak password"),
tr("You must enter a stronger password to protect your database."), |
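Review bot: in the `minQuality` check, gating on `isNewPasswordDirty` means this block is skipped whenever the password edit page is not showing, so the minimum from `Security_DatabasePasswordMinimumQuality` is applied only to a password being changed in this dialog. If that is the intended meaning of the enforced setting, state it in the "If enforced in the config file" comment; if not, enforcement needs its own condition. The flag is also evaluated once before the `MessageBox::warning` call in the previous hunk and reused here, so confirm that nothing in that dialog path changes the widget's page in between.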
That code won't compile. Simply call isVisible() on the password widget.
Strange, it compiles on my machine..? Anyhow, after some checking to me it seems that calling
* Fixes #10723 - only display password strength warning when actively editing the password
* Also improve behavior of minimum quality warning
* Improve behavior and handling of password changes with the database settings dialog
* Prevents loss of newly entered password when toggling between elements in the settings page
* On error, switch to tab that prevents saving database settings for easier correction
Overview
I set up a new database file for testing purposes, initially without using a key file. My master password was generated with KeePassXC using 10 random words from the default word list to ensure very strong entropy. Later I decided to create and add a key file to the database, and when I went to save changes and clicked "OK" at the bottom, I got an incorrect prompt saying my master password is too weak, which I know is false.
Steps to Reproduce
Additional information that may help in reproducing:
Expected Behavior
If the master password is known to be -without a doubt- very strong then there is not supposed to be a "weak password" prompt when saving changes after adding or removing a key file from the database.
Actual Behavior
After adding or removing a key file from the database and saving changes, a prompt incorrectly shows up saying my password is weak.
Context
KeePassXC - Version 2.7.8
Revision: f6757d3
Operating System: Windows 11 Home - (23H2, OS Build 22631.3527)