Well, that's unfortunately a predictable twist.
Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online... your office will become a hangout for safe crackers.
But good on them for being reactive and implementing improvements.
"Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online"
To be clear, this vulnerability has nothing to do with that...
A researcher simply discovered that the master password lingers in memory in cleartext longer than it should, due to how the "password textbox" is implemented. To be vulnerable, the attacker needs to already have access to your system physically to dump memory (or have remote access, which is a big assumption in itself, and if it was the case you have other things to worry about too!).
Which is to say, it is business as usual: an implementation bug was discovered, it will be fixed, no big deal 🤷‍♂️
(KeePass and KeePassXC both already had security audits done before)
I get it, and it was lucky it was a researcher who found the vulnerability and not a hacker.
My point was only that those password managers are a big target for hackers. They are as secure as can be, but they are also vulnerable for the same reason they exist. People with bad intentions are going to want in.
But again, it's a good thing that it happened the way it did and that they were very fast in fixing the issue.
Yearly penetration parties where safe crackers go and get drunk while cracking safes together.
It was on an episode of QI.
I did not make the name up: https://boingboing.net/2009/04/02/a-personal-account-o.html
OMG the title scared me... I guess we (and our passwords) are safe though...
So what is the difference between KeePass and KeePass XC?
Keeping all my passwords in one basket doesn't sound safe to me. Thus I never used this kind of software.
Having the same password for all your accounts, never written down, only remembered in your head /s 😂
On a more serious note, there are pros and cons to every technique:
https://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords
I create my passwords with a combination of characters and only change one specific part of it depending on the service I sign up for.
https://www.darkreading.com/application-security/keepass-vulnerability-imperils-master-passwords
National Institute of Standards and Technology entry: https://nvd.nist.gov/vuln/detail/CVE-2023-32784
Statement on problem on GitHub: https://github.com/vdohney/keepass-password-dumper