While KeePass’s developers appear unwilling to fix the issue, there are steps you can take yourself. KeePass cannot magically run securely in an insecure environment.” What can you do? The solution, the developers argue, is “keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). If an attacker has access to your computer, fixing the XML exploit won’t help.
The line of reasoning is that worrying about this kind of attack is like shutting the door after the horse has bolted. Attackers could install a keylogger to get the master password, for instance. In other words, once someone has access to your device, this kind of XML exploit is unnecessary. However, the developers of KeePass have disputed the classification of the process as a vulnerability, since anyone who has write access to a device can get their hands on the password database using different (sometimes simpler) methods. The threat actor can then extract the exported database to a computer or server they control. Thanks to the changes made to the XML file, the process is all done automatically in the background, so users are not alerted that their database has been exported. Once that’s been obtained, a threat actor can add commands to KeePass’s XML configuration file that automatically export the app’s database - including all usernames and passwords - into an unencrypted plaintext file. The vulnerability, logged as CVE-2023-24055, is available to anyone with write access to a user’s system. Hackers have found a way to hack you that you’d never expect LastPass reveals how it got hacked - and it’s not good news NordPass adds passkey support to banish your weak passwords
0 kommentar(er)
