1Password keyboard remains logged in - LG G3.

Hello AgileBits team,

I discovered a bug which was a startling security flaw. I went to log in to my BoxCrypter app on my phone using the 1Password keyboard, only to find I did not need to type my 1Password password to access all of my passwords (more than 24 hours after I had logged in). My 1Password app it set to not lock on exit, but to lock after 3 minutes. While my 1Password app locks up, my keyboard extension remains logged in seemingly indefinitely.

I ran a few tests. I was able to do this multiple times over the past 3 days. I have not tried this with anything other than BoxCrypter. If I log in to my 1Password app and click 'Exit' (rather than wait the 3 minutes), it does log me out of the keyboard extension as well. If I restart my phone, it logs me out of the keyboard extension.

I use an LG G3 (VS985 4G LTE), Android vesion 6.0. (Perhaps it's just a bug on my phone alone?)

Let me know if you want me to try anything else. For now, I have been logging out using the proper 'Exit'.

-Mike


1Password Version: 6.4
Extension Version: Not Provided
OS Version: Android LG-G3
Sync Type: Google Drive

Comments

  • As a followup, after posting this last night and restarting my phone, I have not been able to create this.

  • brentybrenty

    Team Member

    @MikePouch: That's really odd. Thanks for the update! It sounds like it may have been a temporary glitch and restarting helped, but we'll keep an eye out for this. If it happens again, please immediately send a diagnostic report so we can investigate fully. Thank you for bringing this up!

  • It happened again last night, and I was able to pull the diagnostic and email it over.

    I tried it this time with the Chrome browser app and it worked (so it isn't an issue exclusive with the Boxcrypter app). It has been locking properly again this morning, though. I will keep an eye an this and see if I can figure out if there is something that is keeping it unlocked, and also if something is triggering it to lock up again.

    Thanks for your help!

  • periperi

    Team Member

    Thanks @MikePouch! I'll take a look at the report you sent and see if I'm able to reproduce the issue on my end. I'll be in touch via email shortly. :)
    ref: TBH-13515-355

This discussion has been closed.