Well, that's unfortunately a predictable twist.
Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online... your office will become a hangout for safe crackers.
But good on them for being reactive and implementing improvements.
Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online
To be clear, this vulnerability has nothing to do with that...
A researcher simply discovered that the master password lingers in memory in cleartext longer than it should, due to how the "password textbox" is implemented. To be vulnerable the attacker needs to already have access to your system physically to dump memory (or have remote access which is a big assumption in itself, and if it was the case you have other things to worry about too!)
Which is to say, it is business as usual, an implementation bug was discovered, it will be fixed, no big deal 🤷♂️
(KeePass and KeePassXC both already had security audits done before)
I get it and it was lucky it was a researcher who found the vulnerability and not a hacker.
My point was only that those password managers are a big target for hackers. They are as secure as can be but they also are vulnerable for the same reason they exist. People with bad intentions are going to want in.
But again, it's a good thing that it happened the way it did and that they were very fast in fixing the issue.
yearly penetration parties where safe crackers go and get drunk while cracking safes together
it was on an episode of QI
i did not make the name up https://boingboing.net/2009/04/02/a-personal-account-o.html
OMG the title scared me... I guess we (and our passwords) are safe though...
So what is the difference between KeePass and KeePass XC?
Keeping all my passwords in one basket doesn't sound safe to me. Thus I never used this kind of software.
having the same password for all your accounts, never written down only remembered in your head /s 😂
on a more serious note, there are pros and cons to every technique:
https://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords
I create my passwords with a combination of characters and only change one specific part of it depending on the service I sign up for.
https://www.darkreading.com/application-security/keepass-vulnerability-imperils-master-passwords
National Institute of Standards and Technology entry: https://nvd.nist.gov/vuln/detail/CVE-2023-32784
Statement on problem on GitHub: https://github.com/vdohney/keepass-password-dumper