heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • NightDice@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    You don’t even need to lock the pc, locking the db is sufficient. The issue allows changing the settings on unlocked databases without needing to re-confirm (at least according to the article).