smorks/keepasshttp-connector

Some websites trigger access to specific passwords

Closed this issue · 8 comments

rugk commented

It is really strange and potentially a security issue as for some websites I see that KeePassHttpConnector requests some passwords, which are completely unrelated… (There is not even a visible password field…)

I'll let you know next time when I see a website, where this happens. Cannot remember which websites it affects.

rugk commented

Ah, e.g. this site https://eventphone.de/guru2/signup requests my password for a Gitea instance. Even worse, it actually fills in the password!

So for sure, this is a security issue!

Turn off "Automatically fill-in single credentials entry", and it won't auto-fill anything.

It's hard for me to say why this is happening. I went to both the login & signup page, and it didn't bring up any of my existing credentials. Could you post screenshots (with credentials blacked out) of the Gitea entry that it's bringing up?

rugk commented

> Turn off "Automatically fill-in single credentials entry", and it won't auto-fill anything.

That is not a solution, I want that feature, of course. It just chooses the wrong website.

rugk commented

[image]

BTW, after I've created an account there, and saved a new password, it fills in the right one and does not even offer me the "wrong" one again…

rugk commented

[image]

Sorry, I never said that option was a solution, I was just trying to help.

Anyways, this is most likely a problem in KeePassXC. All this extension does is send the URL (and the form submit URL) to KeePassXC, and it does the matching. What version are you running? I know there was a bug that they fixed in v2.2.2: keepassxreboot/keepassxc#1017 that may be the same thing you're experiencing?

rugk commented

v2.2.2

rugk commented

Still reproducible with v2.2.4 BTW, see keepassxreboot/keepassxc#1017 (comment)