![]() ![]() The lead developer of KeePass, Dominik Reichl, suggested that users could create an enforced configuration file to lock the trigger functionality. KeePass itself disputed the vulnerability, stating that malicious actors needed write access on the system and that the access would give them even more malicious options, including replacing the KeePass executable file, running malicious programs on the system, or modifying autostart and configurations on the system. The main issue that Belgium's Federal Cyber Emergency Team saw was that KeePass did not prompt the user for the master password before allowing the export of passwords to commence. Using a specific trigger, an attacker could export the entire password database to another file. Reported by the Federal Cyber Emergency Team of Belgium, it revolved around the application's trigger mechanism. ![]() Last week, word about a vulnerability in the password manager spread online. ![]()
0 Comments
Leave a Reply. |