KeePass now under fire


Hmmm, yeah wrote:

The Federal Cyber Emergency Team of Belgium,, released a warning regarding KeePass. According to the warning, attackers with write access to the KeePass configuration file may modify it with triggers to export the entire password database in cleartext without user confirmation.

Heh, yeah you could see where that could be a bit of an issue for password security.

Live by open source, die by open source.

In fairness, note that KeePass developers deny the validity of the warning.

"141 could draw faster than he, but Irving was looking for 143..."

Whew. Bitwarden is the only

Whew. Bitwarden is the only thing I recommend to friends and family.



KeePass fix available

John from PA


Thanks for posting this. I had already updated to the latest version though.

If they dnied it, why would

If they denied it, why would they have issued a fix for it?
Last memo I saw was that it was fixed.