already pointed out to me on Februthat the KeePass developers had apparently made improvements (thanks for that). This was also the reasoning of the KeePass development team. The bottom line is that if there is a local attacker on the system, using a password manager is critical. There was then a lot of discussion regarding the proposed hardening methods. I had reported here on the blog in the post CERT Warning: Default KeePass Setup Allows Password Theft (CVE-2023-24055). This leads to the vulnerability CVE-2023-24055, which could open the way for an attacker to obtain the plaintext passwords by adding an export trigger (Unauthenticated RCE, Information disclosure). In the default setup, write access to the XML configuration file was possible. The CERT.be warning about password theftĪs of January 27, 2023, the Cyber Emergency Response Team from Belgium (CERT.be) warned of a vulnerability (CVE-2023-24055) in KeePass.
The password manager is probably in use by some users. KeePass encrypts the entire database, which can also contain usernames and the like.
KeePass Password Safe is a free password management program developed by Dominik Reichl and available under the terms of the GNU General Public License. Passwords could potentially be easily exported by a local attacker. This was preceded by a warning from the Cyber Emergency Response Team from Belgium (CERT.be) on January 27, 2023, which pointed out a vulnerability. Specifically, the export function for passwords has been secured.
The developers of the password safe KeePass have improved the new version KeePass 2.53.1 with regard to the vulnerability CVE-2023-24055.
0 kommentar(er)
