![]() ![]() We are also monitoring the request to reject/dispute this CVE on the grounds it is not actually a vulnerability in our software. In addition, having lost control of your computer in this manner would mean the attacker could execute any number of security compromises against your KeePassXC database, regardless of requiring credentials prior to export or credential change.Īt this time, we are not planning any drastic changes to the program to address this submission. ![]() Allow or deny simultaneous checkouts for accounts. Allow or deny the ability to automatically rotate credentials after check in. If automatic password rotation is allowed, set the Maximum Password Age. Where this is true, there are numerous barriers to actually executing this attack sequence. The password management application can run on multiple servers and be secured using your existing back up solution. Allow or deny the ability to automatically rotate account passwords when the specified maximum password age is reached. The root of the argument submitted by the CVE author is that an attacker with unfettered access to an already unlocked database could export or change the password without requiring the original credentials. The AWS Secrets Manager can configure to automatically rotate the secrets. ![]() Additional information can be found in the discussion on GitHub. Activating auto rotation of the security credentials. As the developers of KeePassXC, we do not consider the issue a vulnerability and have filed a request for the CVE to be rejected. On Jan alleged KeePassXC vulnerability with the identifier CVE-2023–35866 was posted against KeePassXC versions up to 2.7.5. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |