Skip to content
This repository has been archived by the owner on Dec 15, 2022. It is now read-only.

[Windows] Old credential comes back after current one is deleted #455

Open
1 task
xsq007 opened this issue Mar 30, 2022 · 3 comments
Open
1 task

[Windows] Old credential comes back after current one is deleted #455

xsq007 opened this issue Mar 30, 2022 · 3 comments

Comments

@xsq007
Copy link

xsq007 commented Mar 30, 2022

Prerequisites

Description

A value was set for some service/account for keytar 4.x. Then migrate keytar to 7.x and set another value for same service/account. Delete this service/account and the old value set in keytar-4.x came back after rebooting the computer.

Steps to Reproduce

  1. npm i keytar@^4
  2. keytar.setPassword('service', 'account', '1')
  3. npm i keytar@^7
  4. keytar.setPassword('service', 'account', '2')
  5. keytar.deletePassword('service', 'account')
  6. reboot computer
  7. Check Windows Credential Manager and service/account credential still exists and its value is 1.

Expected behavior:
There should be no service/account credential in Windows Credential Manager after calling deletePassword.

Actual behavior:
The old one set in keytar-4.x came back.

Reproduces how often:
Every time

Versions

Additional Information

@Nantris
Copy link

Nantris commented Apr 20, 2022

Windows version?

@glenn2223
Copy link

Just an FYI

Mailspring uses keytar and there are various reports of issues with passwords, i.e. being old or reset to a previous one. https://community.getmailspring.com/search?q=password%20%23bugs

Most seem to be related to Windows OS

@Nantris
Copy link

Nantris commented Dec 12, 2022

If anyone is using key-tar in Electron; Electron has its own similar mechanism now. I forget the name though.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants