(KeePassXC 2.7.9) HMAC-SHA1 Challenge Response causes DB to Malfunction

[chamele0n1c]

Overview

So I configured HMAC-SHA1 challenge response on one of my YubiKey 5C slots & added it for additional security to my KDBX 4 DB. After doing so, when I went back to the DB Security options and changed nothing & tried to exit I was greeted with a windows saying "No password set", the body of which was "WARNING! You have not set a password. Using a database without a password is strongly discouraged!". I was like "huh?" so I ignore it and go figure, it literally unset my master key. I double verified by doing it again & removing my challenge response and tried to exist and got greeted with "You must set at least one encryption key..."

Steps to Reproduce

1. Database -> Database Security -> Security -> Challenge Response
2. Add YubiKey 5C FIPS Slot 2 configured for HMAC-SHA1
3. Click on OK
4. Greeted with "WARNING! You have not set a password. Using a database without a password is strongly discouraged!"

Expected Behavior

My master key shouldn't be unset by adding a challenge-response

Actual Behavior

My Master Key (password) gets removed when adding my YubiKey

Context

DEBUG INFO

KeePassXC - Version 2.7.9
Revision: 8f6dd13

Qt 5.15.11
Debugging mode is disabled.

Operating system: Windows 11 Version 2009
CPU architecture: x86_64
Kernel: winnt 10.0.22631

Enabled extensions:

• Auto-Type
• Browser Integration
• Passkeys
• SSH Agent
• KeeShare
• YubiKey
• Quick Unlock

Cryptographic libraries:

• Botan 3.1.1

Operating System: Win11 Pro (x64) 23H2 22631.4460
Desktop Env: N/A
Windowing System: N/A

[droidmonkey]

This has been fixed for next release. #11001