A security flaw in the KeePass password manager has been discovered by a cyber expert. It is recommended to install the latest version if you are a user of this tool.
After the LastPass hack in December, we must now monitor the security of KeePass. Researchers from the SocPrime company published a report on January 25 on a flaw in the very popular password manager. This free tool allows you to store your identifiers and other sensitive information in an encrypted and secure safe. KeePass has several million users around the world. This vulnerability is therefore all the more critical.
On GitHub, cyber expert Axel Hernandez references possible maneuvers to exploit this flaw. The attacker is able to exfiltrate plaintext passwords by digging into configuration files. The list of affected KeePass versions is disputed.
At this time, KeePass 2.5x is considered sensitive. Users are advised to promptly update their password manager to avoid potential compromises. Version 2.53 is available on the official website.
Manage application access
Furthermore, the attacker must have a PC (local or remote) to take advantage of the flaw. It is recommended in this case to close the session as soon as you leave your PC or to control and manage the access of people and applications on the devices. These options are available in the “Privacy” tabs of your Windows and Mac devices.
Sponsored sites on Google can steal all your passwords
Do you like our media? Tell us in this survey!