heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • sudo_su
    link
    fedilink
    61 year ago

    Lock the pc, if you leave and lock the db, if pc is locked, lid is closed and this is absolute a non-issue.

    German BSI is sometimes a little bit over motivated ;-)

    • NightDice
      link
      fedilink
      11 year ago

      You don’t even need to lock the pc, locking the db is sufficient. The issue allows changing the settings on unlocked databases without needing to re-confirm (at least according to the article).