heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • sudo_su@feddit.de
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Lock the pc, if you leave and lock the db, if pc is locked, lid is closed and this is absolute a non-issue.

    German BSI is sometimes a little bit over motivated ;-)

    • NightDice@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      You don’t even need to lock the pc, locking the db is sufficient. The issue allows changing the settings on unlocked databases without needing to re-confirm (at least according to the article).