Free and Open Source Software

17915 readers

53 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

BSI warnt vor KeePassXC-Schwachstellen / BSI warns of vulnerabilities in the password manager KeePassXC (www.heise.de)

submitted 1 year ago by [email protected] to c/[email protected]

21 comments fedilink hide all child comments

[email protected] - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

you are viewing a single comment's thread
view the rest of the comments

[+] [email protected] 1 points 1 year ago (5 children)

[deleted]

[–] [email protected] 2 points 1 year ago (4 children)

It's a denial of service vulnerability. Requiring the existing master password to change the master password will stop a drive by miscreant denying you access to your db. And password change system I've ever used has required the existing password to he entered first.

Likewise a full db export feel like a big enough deal to require authorization.

If you're careful and lock your machine when you leave it then you should be pretty safe. I'm surprised these aren't already features.

[–] [email protected] 0 points 1 year ago (1 children)

They could just delete the file to deny you access to your db?

[–] [email protected] 1 points 1 year ago

Yeah, that's fair. But a full db export that they could then email themselves. It'd be nice to have some more protection against that. Or Change the master password and email the encrypted file to themselves.

load more comments (2 replies)