Lock the pc, if you leave and lock the db, if pc is locked, lid is closed and this is absolute a non-issue.
German BSI is sometimes a little bit over motivated ;-)
Lock the pc, if you leave and lock the db, if pc is locked, lid is closed and this is absolute a non-issue.
German BSI is sometimes a little bit over motivated ;-)
KeePassXC is not affected by this vulnerability.
CVE-2023-32784
That's not the issue mentioned in the article. Which is CVE-2023-35866
.
gotcha
Added to original comment. Both are recent issues, so confusion is forgivable.
This is also the vulnerability that made many people delete Keepass 2 for XC many months ago so it is very strange that they make an article that sounds like it's a new vulnerability.
Wrong vulnerability. The discovered one is CVE-2023-35866, which is still pending verification* (analysis).
This affects KeePassXC. https://nvd.nist.gov/vuln/detail/CVE-2023-35866
Thanks for the correction. In that case going to be interesting how this issue progress.
Here is KeePassXC's response: https://keepassxc.org/blog/2023-06-20-cve-202335866
Basically some random guy with weird misconceptions about security decided this was an issue, it's obviously not. Honestly concerning that he was able to easily get a CVE for this and even get articles about it published on some websites.
Can't read German. What is required to perform this attack?
Ok I checked it up (CVE-2023-35866). It basically says an attacker may export everything if they have access to your unlocked database. Which seems... obvious? The project contributors says it's not a vulnerability which I incline to agree.
You mean to say that if I leave my door unlocked, somebody might come in? This is shocking news!
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.