heisec@social.heise.de - BSI warns of KeePassXC vulnerabilities
[Quoted heise post:] The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without an authentication prompt.
This is, in my view, incorrect. It should read: if an attacker gains access to a computer on which a user has unlocked the KeePass DB, the attacker has access to all data and can switch off 2FA and change the password; the software does not ask for the password to be entered again.
The key point is that the user must unlock the data first. It is a vulnerability, but the way the BSI classifies it is questionable.
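The behaviour under discussion is a missing re-authentication step: once the database is unlocked, sensitive operations (disabling 2FA, changing the master password) go through without the master password being presented again. The following is an added illustration of that design point and its mitigation; it is not KeePassXC's code and does not reflect its internals. `VaultSession`, `require_reauth` and the sample entry are hypothetical, and the weak and hardened variants are shown side by side so the difference in authorization logic is visible.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameter for the demo; a real password manager would use a
# memory-hard KDF (Argon2 or similar) with tuned parameters.
KDF_ITERATIONS = 100_000


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Derive a password verifier with PBKDF2-HMAC-SHA256 (demo only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


class VaultSession:
    """Hypothetical password-manager session used to illustrate re-authentication.

    require_reauth=False models the weak behaviour: any sensitive change is
    allowed merely because the database is unlocked.
    require_reauth=True models the hardened behaviour: the current master
    password must be presented again for each sensitive operation.
    """

    def __init__(self, master_password: str, require_reauth: bool):
        self.salt = os.urandom(16)
        self.verifier = derive_verifier(master_password, self.salt)
        self.require_reauth = require_reauth
        self.two_factor_enabled = True
        self.unlocked = False
        # Constructed sample entry; stands in for the decrypted database.
        self.entries = {"example.test": "constructed-secret"}

    def _check_master(self, candidate: str) -> bool:
        # Constant-time comparison of the derived verifier.
        return hmac.compare_digest(derive_verifier(candidate, self.salt), self.verifier)

    def unlock(self, master_password: str) -> bool:
        self.unlocked = self._check_master(master_password)
        return self.unlocked

    def lock(self) -> None:
        self.unlocked = False

    def _authorize_sensitive(self, reauth_password: Optional[str]) -> bool:
        """Gate for operations that change the security posture of the vault."""
        if not self.unlocked:
            return False
        if not self.require_reauth:
            return True  # weak: unlocked state alone is treated as authorization
        return reauth_password is not None and self._check_master(reauth_password)

    def disable_two_factor(self, reauth_password: Optional[str] = None) -> bool:
        if not self._authorize_sensitive(reauth_password):
            return False
        self.two_factor_enabled = False
        return True

    def change_master_password(self, new_password: str,
                               reauth_password: Optional[str] = None) -> bool:
        if not self._authorize_sensitive(reauth_password):
            return False
        self.salt = os.urandom(16)
        self.verifier = derive_verifier(new_password, self.salt)
        return True


def demo():
    """Compare both variants from the position of someone at an unlocked session."""
    weak = VaultSession("correct horse", require_reauth=False)
    weak.unlock("correct horse")
    # Nothing beyond the unlocked state is needed to disable 2FA and set a
    # new master password; the old one is never asked for.
    weak_result = (weak.disable_two_factor(), weak.change_master_password("walk-up-chosen"))

    hardened = VaultSession("correct horse", require_reauth=True)
    hardened.unlock("correct horse")
    # Same operations without the current master password are refused ...
    denied = (hardened.disable_two_factor(), hardened.change_master_password("walk-up-chosen"))
    # ... and succeed only when it is presented again.
    allowed = hardened.change_master_password("new pass", reauth_password="correct horse")
    old_still_works = hardened.unlock("correct horse")
    new_works = hardened.unlock("new pass")
    return weak_result, denied, allowed, old_still_works, new_works


if __name__ == "__main__":
    print(demo())
```

The hardened variant also re-salts and re-derives the verifier on a password change, so a successful change invalidates the previous master password immediately; the final two checks in `demo()` confirm that. A real implementation would additionally bind the re-authentication to a short window and clear it after use, rather than caching it for the session.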