-
-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Matching against domain goes too far #1820
Comments
Same issue here, the autofill provides wrong entries for the following examples :
|
Yeah, this looks wrong and even more odd. I wonder if there is a specific logic for matching IP addresses to cause these results.
This is okay if you don't have the option "Subdomain search" enabled. The idea behind this is presumably that many domains use the same credentials on different subdomains like www. or login., for example. The problem is that it also matches sub1mydomain.com which is not a sub-domain of mydomain at all. |
When the setting "Subdomain search" is disabled, entries are suggested that match only the last part of the domain name.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
An entry with https://box.com might match any subdomain like example.box.com but not a domain that just has box.com at the end. While enabling the "Subdomain search" setting prevents this from happening, there should be no match because these domains are completely unrelated and it only benefits phishing.
KeePass Database
Irrelevant.
KeePassDX:
Android:
The text was updated successfully, but these errors were encountered: