Issues in password managers have been a particular focus for security researchers since a mishandled security incident involving LastPass last year that eventually prompted the vendor to admit encrypted password vaults had leaked.
The vulnerability – whose seriousness is disputed – is being tracked as CVE-2023-24055.Īs Bleeping Computer reports, KeePass maintains the issue only comes into play in cases where an attacker already has control of a compromised account – in which case it’s ‘game over’ already. Security researchers warned that it might be possible to set up a trigger that exports everything from the KeePass database in cleartext, before syphoning off secret data. KeePass has become the latest password manager utility obliged to defend its reputation following the discovery of an alleged vulnerability.
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
0 kommentar(er)
