keepassxc-browser
keepassxc-browser copied to clipboard
keepassxreboot
Multiple passwords presented despite only one matching URL
I have two passwords set up for my ASUS router. For one the URL is http://192.168.1.1/Main_Login.asp. For the other the URL is http://192.168.1.1/Advanced_OpenVPNClient_Content.asp. On http://192.168.1.1/Advanced_OpenVPNClient_Content.asp, the second password is correctly auto-filled. On http://192.168.1.1/Main_Login.asp, both passwords are presented, and neither is auto-filled.
Expected Behavior
Only one password is presented and auto-filled on http://192.168.1.1/Main_Login.asp.
Current Behavior
Two passwords are presented on http://192.168.1.1/Main_Login.asp.
Steps to Reproduce (for bugs)
- Create router passwords as described above.
- Navigate to the URLs above.
Debug info
KeePassXC - 2.7.7 KeePassXC-Browser - 1.9.0.2 Operating system: Mac Browser: Firefox
This is expected, because at this point only the domain (here's the IP address) only matters if no paths are used.
Sorry I don't follow - both URLs use a path, and the second one (http://192.168.1.1/Advanced_OpenVPNClient_Content.asp) correctly auto-fills the username and password.
That entry URL will match everything under http://192.168.1.1/*. If you use paths in the URL and in your local server, the matching will work correctly. Meaning https://192.168.1.1/path will not be matched with https://192.168.1.1/secondpath.
I'm still not following. I'm using paths in the URLs and my browser:
http://192.168.1.1/Main_Login.asp- path is/Main_Login.asphttp://192.168.1.1/Advanced_OpenVPNClient_Content.asp- path is/Advanced_OpenVPNClient_Content.asp
For both, I use the full path in the password entry (NOT just http://192.168.1.1) and when I navigate to the pages in my browser. The first entry does not auto-fill on the login page but the second does on the OpenVPN page.
What I mean there's a difference between:
http://192.168.1.1/main/Main_Login.asp and http://192.168.1.1/anotherAdvanced_OpenVPNClient_Content.asp
But if you serve both files under http://192.168.1.1 there's no difference and both entries are returned.
Defining an exact URL is done here for KeePassXC 2.8.0: https://github.com/keepassxreboot/keepassxc/pull/9835
Are you referring to having a folder between the domain and the file? Again, how does that explain why the second URL auto-fills correctly? The PR you linked is in draft state - what am I supposed to do with it?
Are you using http://192.168.1.1 as your entry URL?
The PR I linked just addresses an issue about exact URL's, if you want certain entries to specify them.
No, I'm using the full paths as I stated. (Unfortunately KeePass seems to somehow be blocking me from taking screenshots of it. Apparently I'm not intelligent enough to not take an image of my password and only the URL, so Keepass needs to block me from all screenshots. I don't see a setting to disable this, so I'm unable to show the URLs other than as stated in my earlier comments.) The PR is not merged, so whatever changes it is making are not available in the downloaded version I am using, so what changes should I make in my entries?
Ok, I understand. I'll take a look at the issue and try to reproduce it meyself.
OK thank you.
On Mar 30, 2024, at 11:53 AM, Sami Vänttinen @.***> wrote:
Ok, I understand. I'll take a look at the issue and try to reproduce it meyself.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.