Hello,
I just installed it on Ubuntu (both the DLL and the PLGX), and initially had the problem shown here with both plugins:
#46
It would be good to have the solution (see also https://askubuntu.com/questions/127796/where-is-keepass2-plugins-directory ) documented for this plugin as a lot of linux users will likely run into this.

Once the plugin ran (both seem to work), the progress gets stuck on "Getting HaveIBeenPwned breach list..." After leaving it overnight, still no progress. There is no progress indicator running
Any ideas on whats wrong, or on where to get more details?
Thanks...

I got the same problem described in this issue, although I placed both HaveIBeenPwned.dll and Newtonsoft.Json.dll correctly in /usr/lib/keepass2/Plugins.
After clicking on "Check for breaches based on service/sites" this window appears and stays:

Keepass 2.38, Mono Debian 4.6.2.7+dfsg-1ubuntu1

The current implementation of a messagebox being shown after each breach detected leaves a lot to be desired.

Create a single results dialog that appears after the check has completed which lists all breached entries along with the breach details and potentially have a button to expire all or selected items.

I was wondering if you could provide a little more information / documentation.

For example, I assume you're checking the URL field against the known breaches. However, I don't know whether you're checking the notes field and custom string fields to identify other URLs. In my case, I use the keepasshttp plugin which uses a custom string field to store urls in which would be very useful. I also sometimes add other urls in the notes field.

Also, when checking if a particular account has been hacked, how do you construct the account name. Is it just the userid or userid@domain name (and again where would that domain name come from). Do you look for email addresses within the Notes field and custom string fields?

All of that would be REALLY helpful to know.

Thanks ... Jeff

KeePass 2.36 added a new API for accessing the Password Last Modified date.

In order to maintain backward compatibility with older versions of KeePass, the keepass2-haveibeenpwned version needs updating to match.

Is the Kayo.Moe breach included in this list? The breach name isn't included in the columns. And on the HIBP website, the offline downloads don't look like they contain September data yet. And I'm not sure whether your lookup is online or through a download and offline lookup.

Thanks ... Jeff

In KeePass I also have some entries that have no password in the "Password" field but other data (for example user-defined fields).
Have I Been Pwned tells me that the entry "Abandonia" is affected although I have no password stored here.
What about ignoring entries that do not have a password?

Investigate whether we can look at the entry history and compare the passwords to find out when it last changed.

• Relies on there being history entries
• Need to be able to compare passwords safely.

The plugin doesn't work if a proxy is neccessary to access the internet. At my home office (without proxy) the plugin works but at company site (with proxy) it doesn't.

The proxy doesn't need authentification.

kind regards

Oliver

We can hook into context menus for the groups listbox and the entries listbox. We can also get the selected group and the selection of entries. We can add a separator and a submenu like we do in "Tools" for all items, then only run the checks for the selected group, or selected entries.

This would require changes to BaseChecker to accept a PwGroup, but then the entire database check just passes database.RootGroup to that method:

BaseChecker.cs

public async Task<List<BreachedEntry>> CheckDatabase(bool expireEntries, bool oldEntriesOnly, bool ignoreDeleted, IProgress<ProgressItem> progressIndicator)
{
    return await CheckGroup(passwordDatabase.RootGroup, expireEntries, oldEntriesOnly, ignoreDeleted, progressIndicator);
}

public abstract Task<List<BreachedEntry>> CheckGroup(PwGroup group, bool expireEntries, bool oldEntriesOnly, bool ignoreDeleted, IProgress<ProgressItem> progressIndicator);

If this is something you are interested in, I can make a pull request.

I have some entries that are marked as "Expired" (Expiry Date is in the past) so KeePass shows a red "X" instead of the favicon.
These entries are also not considered when I press the Auto Type Hotkey.

In HIBP these expired entries are reported because the URL was hacked.
So please add an option "[X] Ignore any expired entries" that is checked by default.

Hey there Mr. Schofield - just giving you a heads up that the HIBP plugin causes the KeeAnywere not to be able to sync with Google Drive. Not a huge issue at all, but something to be aware of. I can follow up with details if you ever wanna zap this bug.

You really did an amazing plugin that helps a lot.
Both checkers find some entries but I recognized that some of these entries are in the folder "Recycle Bin" (I have a German name of that folder so I hope it is called "Recycle Bin").

It would be good to have in the dialog a 3rd checkbox called "Exclude Deleted entries".
This way less entries are found.
In addition you can add a new column "Group" in the results dialog that shows the Group of the entry.

The VERSION file indicates version 1.2.3 though in releases only version 1.2.2 is available. This results in Keepass2 always showing the "Update Check" window on start even that there are no updates.

I just updated two of my throwaway passwords through the breached passwords dialog and when I was done, I lost access to those services because as it turned out... Keepass didn't actually store the edited passwords.

The odd thing is - after editing the passwords, I double clicked the entries again to double check whether the passwords had really been changed. And they were there. So... somehow, the passwords get updated in the breached passwords dialog but aren't transferred to the actual database.
Might it have to do with the fact that Keepass locked itself in the background while I was editing the passwords?

Anyway, - if you can't ensure that the edited passwords actually are updated in the database on closing the dialog, I think that it would be great if you could warn the user in bold red text or not allow editing from that dialog from the get-go...

Please show in the result window in front of each entry the icon that is stored in KeePass.

Hello, could you add a right-click option to open the URL when showing the list of breached entries?

Would it be possible to, when showing the Breached Entries result dialog, to not "lock" the main window? I.e. so that I can still do stuff in KeePass while showing the results at the same time?

After having run this, I for example find stuff that is horribly outdated that I can just delete, but while the dialog is open I'm only able to edit an entry.

Also, while this dialog is open, I can't use KeePass to login anywhere... 🤔

I just downloaded 2.9.1. It doesn't seem to be downloading the HaveIBeenPwned file. I cancelled it after about 5 minutes. I'm not sure whether it's a problem with this version of the plugin or with the HaveIBeenPwned site or just my impatience. This is on Windows 10 (I tried rebooting but that didn't help).

Anyone else having this problem?

Thanks ... Jeff

KeePass is fully updated (2.39.1, installed on Win10x64) and I tried running a password check with this twice and both times it caused KeePass to crash with a generic, uninformative error ("KeePass has stopped working"). When clicking ok on the error, KeePass closes. I then tried again leaving the "Check all supported breaches" box unchecked and it worked fine, then did it again with the box checked (which I'd done the first two times, when it crashed) and it crashed again. The "Have I Been Pwned" database is the only one available in the dropdown box, so I'm guessing it's something with trying to check the Cloudbleed list with it not actually being available for this check that causes the problem.

Here's the windows error info in case it helps:

Faulting application name: KeePass.exe, version: 2.39.1.0, time stamp: 0x5af6a364
Faulting module name: clr.dll, version: 4.7.2650.0, time stamp: 0x5ab1c520
Exception code: 0xc00000fd
Fault offset: 0x0000000000198eee
Faulting process id: 0x5eac
Faulting application start time: 0x01d41aac3d0c1fa3
Faulting application path: C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: a4db35b8-86b4-4063-ab38-a18dc2b4fab1
Faulting package full name: 
Faulting package-relative application ID: 

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Application Error" /> 
  <EventID Qualifiers="0">1000</EventID> 
  <Level>2</Level> 
  <Task>100</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2018-07-14T15:18:53.224161000Z" /> 
  <EventRecordID>14972</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer></Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>KeePass.exe</Data> 
  <Data>2.39.1.0</Data> 
  <Data>5af6a364</Data> 
  <Data>clr.dll</Data> 
  <Data>4.7.2650.0</Data> 
  <Data>5ab1c520</Data> 
  <Data>c00000fd</Data> 
  <Data>0000000000198eee</Data> 
  <Data>5eac</Data> 
  <Data>01d41aac3d0c1fa3</Data> 
  <Data>C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe</Data> 
  <Data>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll</Data> 
  <Data>a4db35b8-86b4-4063-ab38-a18dc2b4fab1</Data> 
  <Data /> 
  <Data /> 
  </EventData>
  </Event>

Fault bucket 1689976380295049409, type 4
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: KeePass.exe
P2: 2.39.1.0
P3: 5af6a364
P4: clr.dll
P5: 4.7.2650.0
P6: 5ab1c520
P7: c00000fd
P8: 0000000000198eee
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE412.tmp.dmp
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC32.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC40.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC70.tmp.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_KeePass.exe_1ee26542689cf3482bf5c50ba30b56345c97dc_36bf2f78_062df78b

Analysis symbol: 
Rechecking for solution: 0
Report Id: a4db35b8-86b4-4063-ab38-a18dc2b4fab1
Report Status: 268435456

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Windows Error Reporting" /> 
  <EventID Qualifiers="0">1001</EventID> 
  <Level>4</Level> 
  <Task>0</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2018-07-14T15:18:58.737343000Z" /> 
  <EventRecordID>14973</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer></Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>1689976380295049409</Data> 
  <Data>4</Data> 
  <Data>APPCRASH</Data> 
  <Data>Not available</Data> 
  <Data>0</Data> 
  <Data>KeePass.exe</Data> 
  <Data>2.39.1.0</Data> 
  <Data>5af6a364</Data> 
  <Data>clr.dll</Data> 
  <Data>4.7.2650.0</Data> 
  <Data>5ab1c520</Data> 
  <Data>c00000fd</Data> 
  <Data>0000000000198eee</Data> 
  <Data /> 
  <Data /> 
  <Data>\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE412.tmp.dmp \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC32.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC40.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC70.tmp.txt</Data> 
  <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_KeePass.exe_1ee26542689cf3482bf5c50ba30b56345c97dc_36bf2f78_062df78b</Data> 
  <Data /> 
  <Data>0</Data> 
  <Data>a4db35b8-86b4-4063-ab38-a18dc2b4fab1</Data> 
  <Data>268435456</Data> 
  <Data>23b4e7552c313951e7740090624970c1</Data> 
  </EventData>
  </Event>

Maybe it would be useful to get in Contact with TroyHunt to get mentioned on the API-website.
But if Issue #56 is caused by the missing delay, then this issue should be fixed at first to be compliant with the API.

The Cloudbleed checker hangs when an entry's URL field contains valid data that the plugin cannot process. I have attached a screenshot of a cloudbleed checker hang on a valid path that is contained in an entry's URL field.

Note: The forward slash used as path separator in the screenshot does not affect the outcome.

Please let me resize the result window.
Very useful because the result list in Cloudbleed is not shown completely, so I want to adjust the hight of the window.

Please implement a full breach check, where "Cloudbleed" and "Have I Been Pwned" are both checked.
In the result window you already have column "Breach Name" where you show "Cloudbleed" or the name of the breach.
Very useful because it is just one action and I see if one entry is affected by multiple breaches.

When running the utility against my DB I am seeing it say password changed date incorrectly.
For example, 1 entry says it was changed 5/25/2014 but that's the first version/date in history. This was changed 4 more times since then including 2017. That date is not reflected and the entry is incorrectly showing as breached.

Also,
This same example account is showing 3 times with the same password changed date on the list for the same breach date/name.

This example account has been updated since the breach date and shouldn't even show at all. This is not the only account I have doing this.

I have quite a large KeePass database and about half-way through the run on checking Usernames it appears to hit an error which it can't recover from (you can click continue but it just sits there).

I'm guessing it's a malformed/invalid or blank username, but I can't actually see which entry it's getting caught on.

I have attached logs and screenshot:
KP_Error.txt

Provide a PGLX file, more portable and easier to install as plugin, also easier to package on other systems like on Linux.
http://keepass.info/help/v2_dev/plg_index.html#plgx

Hi there,

I use KeePass from my office PC, which is connected to the internet via a proxy which requires authentication. At the moment, the plugin causes a .NET exception as below :

I've tried overriding the proxy in KeePass itself to use a local CNTLM instance I use for other software which doesn't understand how to authenticate with our proxy infrastructure, however it seems the plugin sticks to only using the system proxy, and therefore always generates this exception.

There is no way of telling:

• When the plugin is downloading data
• Processing entries

Hi,

at first thank you very much for the plug-in. Ever since I knew HIBP I thought of such a plug.

I have installed it and tried to use it. Unfortunately despite the fact there are pwned passwords in my database the plug did not list them at all. Does it check passwords or accounts/e-mails only?

Have a nice day!

regards
p.h.

Thank you very much for this plugin.

I have several subfolders under the Recycle Bin for entries I need to do certain things with before deleting them. Even though I have "Ignore Deleted Entries", the entries in subfolders of the recycle bin still get checked.

Thanks ... Jeff

Everything happens in the UI thread at present which locks up the UI when downloading data and scanning entries.

Downloading needs to be made async, and processing needs to be in its own thread.

There's a cancel button on the progress box during the check, but it's grayed out, preventing you from actually canceling the operation. So if it's started accidentally with the wrong settings, you have to wait for it to finish, change the settings, then run it again.

As the title state, I get a pop up that tells me it is incompatible with the current version of keepass

After performing a Cloudbleed check I have many results in my list.
So please add in the results-dialog an counter that shows me how many entries were found.

The last breach in my list of breached entries is one for carnival.com. However, using the haveIBeenPwned website, I can't find an entry for carnival, nor one for the userid in my KeePass entry, nor one for any emails in that KeePass entry. It would be helpful if the breach list contained a column for the breach name as reported by HaveIBeenPwned.

Thanks ... Jeff

Encountering Unhandled Exception if a username starts with #.

I received this error when running the plugin, after clicking OK in the settings prompt for the plugin. I haven't previously used the plugin, so I do not know if this is a temporary issue, but https://haveibeenpwned.com/ is working. I believe it could be an HTTP 403.

Let me know if I can provide more relevant information.

I love this app. But I have a couple of Feature Requests that I hope you can consider:

1. I usually want to sort the list by either password, username, (and occasionally by the date I changed the password). So obviously, I would need those columns in the list and either have the list sortable or exportable to a spreadsheet (even though I hate the idea of exporting my passwords). Maybe the export would have the option of whether or not to export the passwords. Actually, a 3rd option might be to store the breach information as other fields within KeePass and then we can configure KeePass to show additional columns and sort by those. That would be the most flexible way.

2. I have a couple of passwords I use for throw-away accounts (accounts that don't contain anything personal). It would be nice to be able to have a list of passwords to ignore in the "breaches based on passwords". Or, if that's not feasible, I could filter them out in a spreadsheet if I could export the list to a spreadsheet, along with the password.

Thanks for considering these thoughts ... Jeff

Add a check for last modified on the cloudbleed cache to invalidate it so it can be refreshed

On linux with mono only minimizes the windows.

Envoriment:
Archlinux
keepass - 2.35
mono - 4.8.0.495

I am running Keepass2 (Version 2.38) on Ubuntu 18.04 and getting the error "Incompatible with the current Keepass version" at startup of Keepass. I haven't found information for this plugin about which version of Keepass should be compatible. Do I have the wrong version or is this an issue?

Create a version file and reference it in the project

It didn't use to be like this and it makes it harder to understand if we already changed that password.

When I lookup breaches it always gives me that the breach date is "today" for HIBP breaches, which is obviously not true, but without the actual breach date how can I compare it with the date of last change?

Hi,

After starting the plugin single time I am observing multiple instances of the cloudbleed.txt file in the file system. All files are identical in size and have exactly the same timestamp from today.

See the screenshot

Please advise

Looking through your source, I see this abomination:

Anyone reading this should avoid the "Check for breaches based on password" menu item until this flaw has been fully fixed!

It would also be wise to wait until the security of this addon has been verified by multiple outside sources.

to Andrew or whoever works on this issue

I'm not sure what the best way to proceed patching this is, but we might need to get with Troy from haveibeenpwned.com and ask him to use a better hashing algorithm (Argon?). However, unless you collaborate on the salt (or in this case I guess it would be a pepper), I don't see a secure way to do this. Perhaps the better way is to take the SHA1 hashes (yes, that gigantic file) and download them, then hash and compare locally.

Anyway, lots more thinking needs to go into this, and checking it over with the folks at https://security.stackexchange.com would be pretty helpful as well.

Alter the reference so it will work with any supported version of KeePass 2

I KeePass I also manage my software licenses for applications.
So in the field "Password" I have the CD-Key of the application.
At some entries I also have stored the URL and downloaded the favicon.

One of these URLs (Trillian) had a breach and HIBP reports this to me.
But here the "Password" is the licence information of the application.

So it would be cool when I have a checkbox at the entry "Ignore at HIBP check".

Attempting to check for breaches in mono fails silently (as most errors in keepass seem to), showing an eternal attempt to connect to server with no visible signs of even a connection attempt through either netstat or wireshark. Checking based on site/service shows the bar just striping eternally and checking based on username shows an empty progress bar. In both cases the cancel button is unusable, but the checking window can be closed just fine. No other plugins show signs of having any issue with connections.

Keepass 2.38, kp2-hibp 1.2.4.0 (mono dll version), mono 5.10.1.47

Hi Andrew 👋

I tried to install yesterday your plugin, but KeePass (v2.35) told me that it was not compatible with the version expected.

I'm running a KeePass installed from repositories (Debian), and v2.37 is not available atm.

Does the plugin really need a higher version ? Or is it a unexpected behavior ?

Thanks,
Bye 🙇