heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • Eufalconimorph@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    2 years ago

    No, requiring the existing master password won’t help. A drive by miscreant with access to an unlocked computer with an unlocked DB can delete all the DB entries. If the DB is locked they can just delete the DB file. KeePassXC can’t defend against this, that takes properly functioning versioned backups.

    • blackstrat@lemmy.fwgx.uk
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      yeah, maybe denial of service isn’t it. I replied to a comment above why I think it should still be protected functionality to help prevent data leak.