The Federal Cyber Emergency Team of Belgium, cert.be, released a warning regarding KeePass. According to the warning, attackers with write access to the KeePass configuration file may modify it with triggers to export the entire password database in cleartext without user confirmation.
Heh, yeah you could see where that could be a bit of an issue for password security.
Live by open source, die by open source.
In fairness, note that KeePass developers deny the validity of the warning.
-- "141 could draw faster than he, but Irving was looking for 143..."
Hmmm, yeah
The Federal Cyber Emergency Team of Belgium, cert.be, released a warning regarding KeePass. According to the warning, attackers with write access to the KeePass configuration file may modify it with triggers to export the entire password database in cleartext without user confirmation.
Heh, yeah you could see where that could be a bit of an issue for password security.
Live by open source, die by open source.
In fairness, note that KeePass developers deny the validity of the warning.
"141 could draw faster than he, but Irving was looking for 143..."
Whew. Bitwarden is the only
Whew. Bitwarden is the only thing I recommend to friends and family.
thanks
thanks
KeePass fix available
See https://www.ghacks.net/2023/02/10/keepass-2-53-1-password-ma...
John from PA
Thanks
Thanks for posting this. I had already updated to the latest version though.
If they dnied it, why would
If they denied it, why would they have issued a fix for it?
Last memo I saw was that it was fixed.