A security flaw in the KeePass password manager has been discovered by a cyber expert. It is recommended to install the latest version if you are a user of this tool.
After the LastPass hack in December, it is now KeePass whose security needs watching. Researchers from the company SocPrime published a report on January 25 about a flaw in this very popular password manager. The free tool lets you store your credentials and other sensitive information in an encrypted vault. KeePass has several million users worldwide, which makes this vulnerability all the more critical.
On GitHub, the cyber expert Axel Hernández documents how the flaw can be exploited: an attacker is able to exfiltrate plaintext passwords by tampering with the application's configuration files. The list of affected KeePass versions is disputed.
At this time, KeePass 2.5x is considered vulnerable. Users are advised to update their password manager promptly to avoid a potential compromise. Version 2.53 is available on the official website.
Manage application access
Furthermore, the attacker must have local access to the PC to take advantage of the flaw, as is often the case with corporate computers, for example. In that situation it is recommended to lock or log out of your session as soon as you leave your PC, and to control and manage which people and applications have access to the device. These options are available in the “Privacy” settings of your Windows and Mac devices.