heisec@social.heise.de - BSI warnt vor KeePassXC-Schwachstellen

Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.

[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]

  • Do we know mechanism of access. You have to be on same users account or you have to be on same machine only as any user? If same users account, what do they expect? Anyone running as you has total access to your stuff anyway. Is there anyway around that?

    Thoughts?