heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • hello_world
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    They could just delete the file to deny you access to your db?

    • blackstrat@lemmy.fwgx.uk
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      2 years ago

      Yeah, that’s fair. But a full db export that they could then email themselves. It’d be nice to have some more protection against that. Or Change the master password and email the encrypted file to themselves.