Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't reset configuration password #925

Closed
p1r473 opened this issue Jun 19, 2021 · 3 comments
Closed

Can't reset configuration password #925

p1r473 opened this issue Jun 19, 2021 · 3 comments
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version

Comments

@p1r473
Copy link

p1r473 commented Jun 19, 2021
edited
Loading

Describe the bug
Hello,
I can't find a way to remove the configuration password even after a full uninstallation
I set a 100 character password that isnt working. Either the max password length is 64, or I saved it incorrectly in my password manager. Either way I am locked out
I have tried to uninstall it even with RevoUninstaller which also deletes leftover registry keys
I don't really want to reformat so I can resume using Sandboxie

To Reproduce
Steps to reproduce the behavior:

  1. Set 100 character configuration password, or just forget your password
  2. Can't log in because the app might have a hardcoded 64 character limit or because you forgot password
  3. Uninstall
  4. Reinstall
  5. Password remains, still locked out

Expected behavior
Configuration password should be removed on uninstallation

Screenshots
image

If you can't help me, I will have to reformat, and that is not really ideal
System details and installed software (please provide the following information):

  • What is your Windows edition and version? Windows 10 X64
  • What is your current Sandboxie edition and version? (i.e. Sandboxie Plus 0.7.2). Sandboxie Plus 0.8.2

Additional context
The reason I may believe my password length is the issue is because I found in the code a hardcoded limit of 64 characters and I used a 100 character password

         wmemcpy(req->new_password, NewPassword66, 64);
         req->new_password[65] = L'\0';

I've even tried to log in with the first 64 characters of my 100 character password but still locked out
@p1r473 p1r473 changed the title Can't reset forgotten configuration password Can't reset configuration password Jun 19, 2021
@p1r473
Copy link
Author

p1r473 commented Jun 19, 2021
edited
Loading

I've tried deleting the sandboxie.ini files where EditPassword= was saved and then uninstalled and that seemed to do the trick- problem solved.

I'd alert users of the 64 character password limit, and provide error checking for password length.

@DavidXanatos
Copy link
Member

There actually is a simple way around that use the Stop All command from the Sandman UI to stop the service and the driver,
and that disables the protection of sandboxie.ini than you can edit it with notepad and restart sandboxie

This password feature is really something rather to keep the lid on non administrative users.

You could probably also use a tool like LockHunter to unlock the sandboxie.ini edit it and reboot the pc.

The architecture is not meant to provide adequate defenses against users with administrative privileges.

@DavidXanatos DavidXanatos added the Status: Fixed in Next Build Fixed in the next Sandboxie version label Jun 19, 2021
@DavidXanatos
Copy link
Member

ps will add the check to the next build

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidXanatos @p1r473