Skip to content

Commander 18.0.1 and later falsely emit passphrase policy violations #2223

Description

@jayhendren

For Commander versions 18.0.0 and earlier, I can create a record via CLI without issue:

$ keeper --version
Keeper Commander, version 18.0.0
$ keeper record-add --config='~/.keeper/config.json' --folder='User Passwords' --title='test' --record-type=login --self-destruct='14d' login='test' password='r4and0m_$tr!ng'
https://govcloud.keepersecurity.us/vault/share#********

However, starting in 18.0.1, Commander reports password policy violations for the same exact record:

$ keeper --version
Keeper Commander, version 18.0.1
$ keeper record-add --config='~/.keeper/config.json' --folder='User Passwords' --title='test' --record-type=login --self-destruct='14d' login='test' password='r4and0m_$tr!ng'
Password must be at least 20 characters (got 14).
Use --force to bypass password policy warnings.

Interestingly, the reported policy violation changes in 18.0.9 and later:

$ keeper --version
Keeper Commander, version 18.0.9
$ keeper record-add --config='~/.keeper/config.json' --folder='User Passwords' --title='test' --record-type=login --self-destruct='14d' login='test' password='r4and0m_$tr!ng'
Passphrase must contain at least 5 words (got 2).
Each passphrase word must contain at least 3 letters.
Use --force to bypass password policy warnings.

We do not have any password/passphrase policies enabled in our Keeper account, so these policy violation reports are false, and the web UI and desktop GUI do not report any policy violations when creating this same record.. But even if there were policies in place, I would expect all versions of the Commander client to report the same policy violations, not different violations depending on the client, since policies are set in the account side, not on the client side.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions