There's an ongoing discussion about the KeePass password manager software that's driving its users and the community crazy: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
The software, in a default installation, is subject to a certain attack where, if the machine were compromised, an attacker could inject a special KeePass trigger to export the whole password database without the use of a master password once the database has been opened. There are certain mitigations to this problem, as stated by a maintainer at https://sourceforge.net/p/keepass/feature-requests/2773/#d326, where a user could turn this behaviour off by default.
It's true that an attacker would first need access to the machine, but the users are complaining that this issue should be fixed, whereas the developers say this functionality is perfectly normal and have so far refused to patch it.
There's already a CVE created for this purpose and it's under analysis.
Sources:
https://nvd.nist.gov/vuln/detail/CVE-2023-24055
https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
https://sourceforge.net/p/keepass/feature-requests/2773/
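
A defensive check for the trigger injection described above, as an added example that is not part of the original post or KeePass's own code: it lists enabled triggers in a KeePass configuration file that are not on a reviewed allowlist. The element names (`Trigger`, `Guid`, `Name`, `Enabled`, `Actions`, `Action`, `TypeGuid`, `Parameters`, `Parameter`) are an assumed layout of KeePass 2.x's `KeePass.config.xml`; the sample config, GUID placeholders and function names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (placeholder GUIDs and paths), not a real KeePass config.
SAMPLE_CONFIG = r"""<Configuration><Application><TriggerSystem><Triggers>
  <Trigger><Guid>GUID-APPROVED</Guid><Name>Sync on save</Name>
    <Actions><Action><TypeGuid>TYPE-A</TypeGuid>
      <Parameters><Parameter>D:\sync\db.kdbx</Parameter></Parameters></Action></Actions></Trigger>
  <Trigger><Guid>GUID-UNKNOWN</Guid><Name>unreviewed</Name>
    <Actions><Action><TypeGuid>TYPE-B</TypeGuid>
      <Parameters><Parameter>C:\Users\Public\out.csv</Parameter></Parameters></Action></Actions></Trigger>
  <Trigger><Guid>GUID-DISABLED</Guid><Name>old</Name><Enabled>false</Enabled><Actions /></Trigger>
</Triggers></TriggerSystem></Application></Configuration>"""


def _text(node, tag, default=""):
    """Text of a direct child element, or a default when it is absent or empty."""
    child = node.find(tag)
    return child.text.strip() if child is not None and child.text else default


def audit_triggers(config_xml, approved_guids):
    """Return enabled triggers whose GUID is not on the reviewed allowlist."""
    root = ET.fromstring(config_xml)
    findings = []
    for trig in root.iter("Trigger"):
        guid = _text(trig, "Guid")
        # Assumption: a missing <Enabled> element means the trigger is active.
        enabled = _text(trig, "Enabled", "true").lower() != "false"
        if not enabled or guid in approved_guids:
            continue
        # Keep action parameters (paths, command lines) for the reviewer to inspect.
        actions = [
            {"type": _text(act, "TypeGuid"),
             "params": [p.text or "" for p in act.iter("Parameter")]}
            for act in trig.iter("Action")
        ]
        findings.append({"guid": guid, "name": _text(trig, "Name"), "actions": actions})
    return findings


if __name__ == "__main__":
    for f in audit_triggers(SAMPLE_CONFIG, approved_guids={"GUID-APPROVED"}):
        print(f"UNREVIEWED TRIGGER {f['name']!r} ({f['guid']})")
        for a in f["actions"]:
            print(f"  action {a['type']}: {a['params']}")
```

Run against the real configuration file on a schedule, any finding means a trigger was added or changed since the allowlist was last reviewed.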