Key file last position is remembered after session lock

[jamm3r]

KeepassXC remembers the exact position (directory) of the Key file after session is locked/unlocked, potentially reducing the security of the key file, even if "remember last key files and security dongles" option is disabled.

Expected Behavior

After a session lock / lid closed KeepassXC should point to the user home directory (as for a new instance of KeepassXC) instead of bringing the user to the directory where the last used key file is/was positioned.

Steps to Reproduce (for bugs)

While using a database with also a key file master key:

1. De-select "Remember last key files and security dongles"
2. Select "Lock databases when session is locked or lid is closed"
3. Lock session
4. Unlock session
5. Browse for the key file

Debug Info

KeePassXC - Version 2.2.2
Revision: 6d46717

Libraries:

• Qt 5.9.2
• libgcrypt 1.8.1

Operating system: Windows 7 SP 1 (6.1)
CPU architecture: x86_64
Kernel: winnt 6.1.7601

Enabled extensions:

• KeePassHTTP
• Auto-Type
• YubiKey

[droidmonkey]

Does this happen when you first open the database or only on lock/unlock?

[jamm3r]

Only on lock/unlock. At first it points to the user home directory.

[droidmonkey]

This is likely because we reuse the widget that you enter your password into to unlock and don't clear the "memory" stored in the browse... Button.

[phoerious]

If you want to make sure nothing is left in memory, you should really terminate KeePassXC. The option only makes sure that nothing is stored on disk.
I don't really see this too much as a security issue, especially when the key file is on an external disk drive. There are a lot more things that perhaps should be purged from memory, but aren't (e.g., the position of the selected entry inside a DB). Yes, maybe we should clear all those things, but on the other hand, your passwords are probably already compromised when a malicious application can access your system's memory. Aknowledged, one reasonable threat scenario would be if you leave your workstation and someone else then creates a memory dump. But that same person could also simply install a key logger and get your password next time you unlock the database.

[jamm3r]

Indeed, that's why I called it just a potential reduction of security.
But speaking about the scenario, I was thinking of a compromised OS account password, more than a memory dump.
IDK, maybe there are indeed worse things and better priorities, but I thought it could be a little improvement :)

[phoerious]

It's an issue, but nothing that shouldn't let you sleep at night. It's weighing security against usability. I kind of like it when the database Remembers my selection, but you may of course argue that it leaks at least meta data about the database. Perhaps we should go over the code, identify those parts and then thoroughly decide how to proceed with them. We fixed an issue in the past where KeePassXC wouldn't clear the search field. I think that was a bigger issue, because it potentially allowed shoulder surfing.

[tomgar]

The issue of the OP happens to me, but at startup. I've checked "Remember last databases", but unchecked "Remember last key files and security dongles", yet if I click on "Browse" at keepassxc startup, the file dialog opens in the key file directory... so you know, if you don't use a password and there aren't so many files in that dir, you're giving away the database.

I think I remember this didn't happen with the original keepassx software.

---

KeePassXC - Version 2.2.2
Revision: 6d46717

Libraries:

• Qt 5.9.2
• libgcrypt 1.8.1

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 4.13.9-1-ARCH

Enabled extensions:

• KeePassHTTP
• Auto-Type
• YubiKey

[droidmonkey]

@tomgar not using any password is extremely dangerous.

[tomgar]

I know... just acknowledging the consequences of letting keepassxc remember the last dir in the file dialog.

So... I see that OP is using windows and I'm using linux... do I have to make another issue? Or fixing OP's issue will fix my issue too?

Thanks.

[droidmonkey]

It is a good question, no need for a new issue at this point. If we do fix this and it does not work on Linux then we can open a new issue specifically for Linux. However, that would likely be a Qt bug at that point.

[phoerious]

I think that is just expected behavior in any case. Remembering the last browsed directory is just a feature of any better file browser and it would be absolutely annoying if it didn't. We also can't really fix it. While it may be fixable for the Qt-internal dialog, we cannot guarantee that the system's dialog, which Qt uses instead if possible, will also honor that, unless maybe we hardcode a default location.