heisec@social.heise.de - BSI warns of KeePassXC vulnerabilities
The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.
Can’t read German. What is required to perform this attack?
Ok, I checked it up (CVE-2023-35866). It basically says an attacker may export everything if they have access to your unlocked database. Which seems… obvious? The project contributors say it’s not a vulnerability, which I’m inclined to agree with.
You mean to say that if I leave my door unlocked, somebody might come in? This is shocking news!
Google translation into English:
https://www-heise-de.translate.goog/news/BSI-warnt-vor-KeePassXC-Schwachstellen-9192374.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp