German BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation

www.heise.de

German BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation

www.heise.de

sudo_su@feddit.deM to

KeePass@feddit.deEnglish · 1 year ago

BSI warnt vor KeePassXC-Schwachstellen

www.heise.de

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

According to the article, a attacker can manipulate the master password on unlocked database, without to re-nter credentials. A attacker can also extract/export a database without confirmation.

As long the database us locked, this should be no issue.

CVE-2023-35866

You must log in or register to comment.

Chat