Free and Open Source Software

17922 readers

35 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

Gaywallet@beehaw.org

alyaza@beehaw.org

BSI warnt vor KeePassXC-Schwachstellen / BSI warns of vulnerabilities in the password manager KeePassXC (www.heise.de)

submitted 1 year ago by 73kk13@discuss.tchncs.de to c/foss@beehaw.org

24 comments fedilink hide all child comments

heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

you are viewing a single comment's thread
view the rest of the comments

[–] veloxization@yiffit.net 9 points 1 year ago (2 children)

KeePassXC is not affected by this vulnerability.

[–] Irisos@lemmy.umainfo.live 2 points 1 year ago (1 children)

This is also the vulnerability that made many people delete Keepass 2 for XC many months ago so it is very strange that they make an article that sounds like it's a new vulnerability.

[–] dog@suppo.fi 2 points 1 year ago* (last edited 1 year ago) (1 children)

Wrong vulnerability. The discovered one is CVE-2023-35866, which is still pending verification* (analysis).

This affects KeePassXC. https://nvd.nist.gov/vuln/detail/CVE-2023-35866

[–] Irisos@lemmy.umainfo.live 1 points 1 year ago

Thanks for the correction. In that case going to be interesting how this issue progress.

[–] lowleveldata@programming.dev 2 points 1 year ago* (last edited 1 year ago)

CVE-2023-32784

That's not the issue mentioned in the article. Which is CVE-2023-35866.