We are also monitoring the request to reject/dispute this CVE on the grounds it is not actually a vulnerability in our software. In addition, having lost control of your computer in this manner would mean the attacker could execute any number of security compromises against your KeePassXC database, regardless of requiring credentials prior to export or credential change. At this time, we are not planning any drastic changes to the program to address this submission. I decided to give 1Password another try, but then I ran into a problem with the CLI. The CLI also connects to the application via PolicyKit and it has some helpful plugins for various other CLI tools, like the AWS CLI. Where this is true, there are numerous barriers to actually executing this attack sequence. It has a great CLI now and the GUI application runs well in Linux. The root of the argument submitted by the CVE author is that an attacker with unfettered access to an already unlocked database could export or change the password without requiring the original credentials. Additional information can be found in the discussion on GitHub. 1Password is available on the Microsoft Store. A trusted hub for apps, software, and games verified by Microsoft for security, family safety, and device compatibility. As the developers of KeePassXC, we do not consider the issue a vulnerability and have filed a request for the CVE to be rejected. Learn how to use 1Password 8 for Windows to manage your passwords, credit cards, secure notes, and more. On Jan alleged KeePassXC vulnerability with the identifier CVE-2023-35866 was posted against KeePassXC versions up to 2.7.5.