Where this is true, there are numerous barriers to actually executing this attack sequence. The root of the argument submitted by the CVE author is that an attacker with unfettered access to an already unlocked database could export or change the password without requiring the original credentials. Additional information can be found in the discussion on GitHub. As the developers of KeePassXC, we do not consider the issue a vulnerability and have filed a request for the CVE to be rejected. On Jan alleged KeePassXC vulnerability with the identifier CVE-2023–35866 was posted against KeePassXC versions up to 2.7.5.
0 kommentar(er)
