Kee fills in textboxes undesiredly

Kee browser extension
#1

It seems that Kee automatically inserts a user name and/or password when this is not desired.
I have at least one scenario where I can reproduce the behaviour (I’m using Firefox).
In a webform, I have a textbox labelled “Name” (id: id_name) and another one labelled “Tags” (id: id_tags), there is no password textbox anywhere.
When both boxes are empty, Kee will insert the username (as there is a KeePass entry for the website) but not the password.
Kee will not enter anything if both textboxes already contain anything.

This is the by far the least obnoxious scenario - I’ve had times when I had to close KeePass as otherwise Kee would enter credentials when this was unwanted. Particularly, if there are many input fields in a web form, you don’t even realize that Kee overwrote real data (which has nothing to do with credentials!) with your username and password. This is very cruel - this way my password made it into some dumb website’s database without me knowing!

Can anyone confirm this behaviour?

#2

We heard of an instance of a form field being overwritten earlier this year so prevented this from happening with the release of version 3.2.7.

It’s not clear whether this is the problem you are having, whether you are using the latest version when experiencing the problem, or whether there is actually more than one problem over a longer time period.

If you want to tell Kee that for a specific website (or page on that website) it should ignore the usual expectation that a field with “name” in its id is a username field for a sign-in form, set a per-site override. See: Whitelisting or blacklisting forms

1 Like
#3

Cheers for replying!

White-listing a website doesn’t really help as this happened on several sites.
Would it also help if I changed the setting When Kee chooses a matching login for a standard form, Kee should from Fill the form to Do nothing for all websites? I suppose I could very well live with having to always choose a logon when required.
EDIT: no, that doesn’t help, just tried it out. If I change the setting, Kee won’t even offer me to provide credentials, it seems you then have to go through the Kee menu and choose Matched login entries to fill the form, that’s quite cumbersome.

Also, how do I determine which version I’m running? Can’t see anything in the Kee menu in Firefox.

#4

The version information is handled by your web browser so take a look at the Firefox add-ons tab or Chrome extensions tab to see which version you have installed.

You might find it a bit less cumbersome to use the Ctrl+Shift+2 keyboard shortcut to show the list of sites without needing to use the Kee menu.

#5

I’m running V3.2.7 (May 17, 2019). FWIW, I’ve just seen that Kee fills in my email address in a Facebook search textbox. Not the general one, but one that shows up if you go to a person’s profile and then click the About tab on the top. On the Friends header you’ll find a search textbox which gets filled with the username that I have stored for Facebook.

#6

I was actually just going to create a new topic because of frustrations with the same thing.
For me, the Facebook event page attendee list is a field that is also mis-detected.

Facebook messenger sidebar search field has been an issue over time (not recently, maybe changed?)

It would be far less frustrating if it didn’t keep filling in the field polled every 5 seconds or so.

1 Like
#7

Yes, I’ve seen that too shortly after I posted here!

#8

I get this on Smugmug.com. Username is auto-entered on text boxes, it will replace preexisting text, example when I am editing settings for a gallery it attempts to rename the gallery by filling my username into the gallery name box.

#9

@luckyrat: can you see into this again, please? Until this gets fixed it means that we usually have to close down KeePass in order to avoid the effects of this bug …

#10

Sorry but I am unable to reproduce any of the problems described here. So for the moment, I can only presume that your whitelist form or form field configurations are set up in a way that forces these text fields to match. Or your blacklist doesn’t contain the usual entries (I have “search” in all, “q” in both text field boxes and “query” in “text field name”).

#11

99% of my Keepass entries are stock, meaning I have only the username and password in them, nothing else like whitelist or blacklist entries, form fields or whatever. The same applies to Keepass itself - I didn’t change anything to the way Keepass (or KeePassRPC/Kee) works.
As a matter of fact I don’t even know where I would have to administer black- and whitelists.

#12

I had another thought overnight. I might be running an experimental version of Kee on the device I ran those tests on - if so, I have a vague memory of implementing a change to the whitelist and blacklist handling to make it case insensitive. So until I can double check that and release a new version (probably not all that soon), you might find that adding the same words with an alternative case to the blacklist will help. E.g. “Search” and “SEARCH” would be good bets for the times that this is occurring on a search or filter field.

#13

I’ve added various entries (both in English and German) to the blacklist (BTW: found by clicking the Kee icon on the top right of your browser window, then clicking Options).

At first I assumed it was working as Kee didn’t fill in the search box in the Facebook chat search textbox (found at the lower right, BTW) for a while. But now I’m back to normal - Kee fills the search box with my user name every few seconds. I give up on this.

I’ve now ticked the “Hide from Kee” checkbox in Keepass (on the Kee tab) for the time being.

#14

I’m having the same problems as others have mentioned. Like my FreeNAS server, where Kee autofills some fields, which could screw up its configuration if I’m not careful.

An option to ignore/add field to blacklist in the drop down list could be helpful.

Edited to add: Kee really shouldn’t autofill anything when there’s already a value there. Like my example with FreeNAS it could really screw stuff up, I see it also when I go to options/configurations on my accounts on several websites.

#15

I am observing similar behavior on Azure Portal, when trying to retrieve secret value from Azure Key vault.

As I have login for Azure portal saved, Kee fills credentials when logging in, which is desired. However, when opening key vault, Kee fills secret input field and destroys data.

I can disable autofill globally, but Kee does not allow to autofill data per site. And form ID’s looks randomly generated so I doubt it will be feasible to add those to exceptions. The only way I have found is to prevent autofill via password entry in KeePass directly, which is not intuitive

<input class="azc-input azc-formControl azc-validation-border azc-disabled fxs-br-dirty" 
type="password" autocomplete="off" 
data-bind="value: $ctl._value, 
    attr: { placeholder: data.emptyValueText, tabindex: $tabIndex }, 
    css: { &quot;fxs-br-error&quot;: data.validationState() === 1, &quot;fxs-br-dirty&quot;: data.dirty(), &quot;azc-disabled&quot;: $disabled, &quot;azc-br-focused&quot;: data.focused() }, 
        valueUpdate: &quot;input&quot;" disabled="" tabindex="-1" data-validatable-control-valid="true" data-validatable-control-validation-state="none" 
        aria-describedby="azc-form-guid-6577c36d-3e08-42f1-b857-787922af4194-err" 
        id="azc-form-guid-6577c36d-3e08-42f1-b857-787922af4195-for" 
        aria-invalid="false" style="transition: none 0s ease 0s !important; 
        box-shadow: initial !important; 
        background-image: url(&quot;data:image/png;base64,IMAGE-DATA-CUT&quot;) !important; 
        background-repeat: no-repeat !important; background-attachment: scroll !important; 
        background-size: 16px 16px !important; background-position: calc(100% - 4px) 50% !important;">
#16

Hello,
I am replying because I also experience that kee auto fills some forms overwriting values that already are filled in. (In my case on several forms of Gitlab.com.)
I know where the blacklist/whitelist configuration is and how to use it. But I always have some trouble figuring out the values that I have to fill in to make things work.
Hopefully one of the following suggestions is not to hard to implement (I am clueless on how easy or difficult it might be.)

  • Do not automatically overwrite a value if an edit box is already filled in.
  • Add an option to the drop down context menu that allows me to add this field to the black list.

I love the software and hope these remarks are useful.
Thanks

#17

Hey I have the same issue in our site https://highrisk.solutions/ even when the box asks for another information username is entered automatically.

#18

Since the problem has been around for more than half a year, I’ve now moved on to KeePassXC