Bug 1909485

Summary: keepass : manipulated credentials leaked in clear text in system journal when using clipboard
Product: [Fedora] Fedora Reporter: TBO <thierry.boivin>
Component: keepassAssignee: Peter Oliver <mavit>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 33CC: mailinglists, mavit
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-20 14:45:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description TBO 2020-12-20 11:48:48 UTC 
Description of problem:

content of clipboard copy actions (ctrl+C/ ctrl+B) made within keepass are recorded in clear in journalctl !!!

keepass admins say this is related to the fedora environment
discussion at keepass forum: 
https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/

Version-Release number of selected component:
observed on fresh fedora 33 + keepass 2.46 fedora package

How reproducible: reproducible

open keepass program
select an entry : 
perform a ctrl+B or ctrl+C at this level or alternatively edit the entry, select username or password text, then ctrl+C 
repeat the operation two times more (for some other entries for example)
-> the third time, the first clipped text is recorded in clear in journal 

Delay effect :
CtrC (clipboard is C1)
CtrC (clipboard is C2)
CtrC (clipboard is C3)
-> Display of C1 in journal
Ctrc (clipboard is C4)
-> Display of C2 in journal
...

example of recorded message:
dec. 02 19:11:58 localhost.localdomain keepass.desktop[6230]:LEAKEDINFO


Actual results: 
clipboarded data recorded in clear in system journal

Expected results:
No message recorded in system journal
Comment 1 Peter Oliver 2020-12-20 14:45:53 UTC 

*** This bug has been marked as a duplicate of bug 1891592 ***