A blog post has been put up to address this: https://keepassxc.org/blog/2023-06-... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

droidmonkey on June 20, 2023 | parent | context | favorite | on: KeePassXC Vulnerability CVE-2023-35866

A blog post has been put up to address this: https://keepassxc.org/blog/2023-06-20-cve-202335866/

Additionally, this is certainly not unique to KeePassXC. KeePass original and other clones we have tested do not require entering your credentials again prior to export or credential change.

riedel on June 20, 2023 [–]

I am a happy keepassxc user but I have criticized the authors on multiple occasions for not investing in a clear documentation of an attacker model. It seems to me a lot of bogus security is added here and there and this non-CVE is the result, because people demand more of that.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact