KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings
BY DO SON · JUNE 19, 2023
KeePassXC, a modern and secure password manager, is the bulwark of choice for many who demand the utmost security in managing their personal data. However, every fortress has its weakness. A recent vulnerability was discovered in KeePassXC: CVE-2023-35866.
mttaggart@infosec.exchange - Right so, in KeePassXC, if you have an unlocked session, the change password flow does not require you to enter the current database password.
That means someone who accesses the machine locally (Or via RDP? Maybe?) would be able to change those settings. But then, they'd also be able to just read the passwords so ¯\_(ツ)_/¯
#CVE202335866 #ThreatIntel #InfoSec #CyberSecurity
#KeepassXC