Well, that's unfortunately a predictable twist.
Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online... your office will become a hangout for safe crackers.
But good on them for being reactive and implementing improvements.
Put all your valuables in a safe, write down the combination somewhere in the same room and advertise it online
To be clear, this vulnerability has nothing to do with that...
A researcher simply discovered that the master password lingers in memory in cleartext longer than it should, due to how the "password textbox" is implemented. To be vulnerable the attacker needs to already have access to your system physically to dump memory (or have remote access, which is a big assumption in itself, and if it was the case you have other things to worry about too!)
Which is to say, it is business as usual, an implementation bug was discovered, it will be fixed, no big deal 🤷‍♂️
(KeePass and KeePassXC both already had security audits done before)
I get it and it was lucky it was a researcher who found the vulnerability and not a hacker.
My point was only that those password managers are a big target for hackers. They are as secure as can be but they also are vulnerable for the same reason they exist. People with bad intentions are going to want in.
But again, it's a good thing that it happened the way it did and that they were very fast in fixing the issue.
yearly penetration parties where safe crackers go and get drunk while cracking safes together
it was on an episode of QI
I did not make the name up https://boingboing.net/2009/04/02/a-personal-account-o.html
OMG the title scared me... I guess we (and our passwords) are safe though...
So what is the difference between KeePass and KeePass XC?
Keeping all my passwords in one basket doesn't sound safe to me. Thus I never used this kind of software.
having the same password for all your accounts, never written down only remembered in your head /s 😂
on a more serious note, there are pros and cons to every technique:
https://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords
I create my passwords with a combination of characters and only change one specific part of it depending on the service I sign up for.
https://www.darkreading.com/application-security/keepass-vulnerability-imperils-master-passwords
National Institute of Standards and Technology entry: https://nvd.nist.gov/vuln/detail/CVE-2023-32784
Statement on problem on GitHub: https://github.com/vdohney/keepass-password-dumper