this post was submitted on 05 Jul 2023
8 points (100.0% liked)

KeePass Password Manager

195 readers
1 users here now

Everything about KeePass password manager and its forks.

Only two simple rules:

  1. Keep a respectful tone.
  2. No spam/scam.

founded 1 year ago
MODERATORS
ScaNtuRd
8
CVE-2023–35866 (keepassxc.org)
submitted 1 year ago by [email protected] to c/keepass
6 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago

I have to agree with the reasoning. As a very interested user of KeePass, a CVE took my attention, and I do a lot of security research as part of my job.

I don't think this should qualify as a CVE because it's so close to assuming the conclusion that it's effectively not a vulnerability. If you have a local attacker with arbitrary memory access, your password is in all likelyhood already owned.

It's nearly the argument that a locally authenticated user could modify my bash.rc to alias sudo and steal my password. Of course, I know him; he's me!