But maybe that's just a misunderstanding.
I'm not sure why you say this isn't part of the autotype feature. It alternates typing and using the clipboard to fill password fields. It is an option to modify how autotype works. TCATO is literally "two channel autotype obfuscation". Provided of course you name your entry "". But if, like me, and probably you, you were to install a browser extension to set the title to "login to your account - ": then KeePass can easily find a match. If your bank sets the window title to "login to your account" then likely KeePass cannot find a unique match. Thus, it matches the entry name and KeePass can do autotype. We cannot see the browser window title, but I assume it is set to the website name. The entry that matched is named after the website shown for the autotype demo. I already explained in another post what is happening. If you are under the mistaken impression that KeePass looks for URL matches, then you probably have a browser extension installed and you've forgotten about it. "The entry has a window/sequence association, of which the window specifier matches the currently active window title."
"The title of the entry is a substring of the currently active window title." If you go read the page you linked, you will see that there are exactly two ways for an entry to be found, and both require a match of the window title. Can you understand the fears now regarding a browser extension literally installed for the sole purpose of handling passwords? This happened in the case of Stylish, which was a very popular Firefox extension with a large userbase until very recently it came out it was collecting sensitive data from any browser it was installed on. Browser extensions can be bought, and spyware added, with full access to the browser, with no warning. This is false as demonstrated by the Stylish addon mentioned explicitly in the post you're replying to. Copy-paste is vulnerable to malicious javascript on other websites, clipboard sniffers, accidental leakage through clipboard managers which store history of all copied entries, risk of cleartext getting swapped to the hard disk, misconfiguration of KeePass to not clear the clipboard so it's available to unintended apps, etc.Īnd you've responded to a post expressing a legitimate concern about browser extensions stealing data by stating that the fear is "retarded" because autotype/autofill can only leak data from malware installed on the PC. Autotype may be vulnerable to a keylogger.
0 kommentar(er)
