Have anyone had to use email logon link today?

I’ve strange behavior w/ KeePassXC, this forum & second PC.
I was copying KeePassXC db to another PC (qubes VM) from fedora laptop by hands.
Then I’ve tried to logon with forum password from the KeePassXC database copied via keyboard to another qube. The passphrase is autogenerated one - I refuse to enter it manually - too long. So this is always either copy-paste either autofill w/ browser or KeePassXC. The forum didn’t get me in. I’ve logged out on the fedora laptop & made attempt to logon w/ password saved in KeePassXC on that fedora laptop. The forum again (like on other PC) told that the password is wrong. I’m totally logged out now & have no clue what’s wrong with password. Then I’ve used the email logon link from the forum logon screen & after logging in, I sent password reset link to my primary email. I used the link to logon on fedora laptop and right after this I sent password reset link & changed the forum password to the same value that I had autocompleted by KeePassXC. After that I used to logon from qube with the value saved in KeePassXC db copied there previously. I’ve got successful logon. Finally I’m sure that there’re 3 variants - either:

  1. there’re some tricks inside the forum code itself, that prevent logons in some cases & I triggered such a case when attempted to logon from another PC.
  2. someone changed my password in qubes forum & I’ve got it back set to the same old value.
  3. my home laptop is compromized & someone updated keepassXC & firefox password store both with the wrong value for the forum & I’ve changed password to the forum to that substituted by attacker value.

The 3) seem to have very low probability. Anyway the situation looks strange for me. Subj?

Weird. If it’s a bug on discourse, it’s better addressed at meta.discourse.org which is where the developers of the forum software hang around and receive bug reports. However, I suspect in this case there isn’t a lot of evidence to debug it.

If you’re concerned about this, you can enable two-factor authentication.

1 Like