Vulnerability in KeePass password manager, fix to follow in June – Computer – News


Users might have to reinstall their PC’s operating system and overwrite existing data.

The source describes it with a bit more nuance:

Even after the new version is released, the master password may still be stored in memory files. The researcher warns that to be 100% safe that it’s not lurking on the system, you would need to delete your system’s swap and hibernation files, format your hard drive using the “overwrite data” mode to prevent data recovery, and do a fresh OS install.

For many, though, restarting the computer, clearing your swap file and hibernation files, and not using KeePass until the new version is released are reasonable safety measures for the time being.

And even then a fresh OS install is exaggerated, because you can also use a free space wiper. These often also have standardized overwrite methods, which makes it even more secure.

Also, an average keylogger can achieve the same.
So if you’re not going to use KeePass because of this exploit, you are doing so for fear that local malware could intercept your master password via this exploit. But even without this exploit, a keylogger could accomplish the same thing. In other words: there’s not really a significantly increased risk compared to normal. However, it is of course good to fix this.

Also, if KeePass contains important passwords, you should not rely solely on a master password for authentication, but should use MFA, e.g. with a Yubikey.
However, it could become more dangerous if there are also exploits that allow hardware tokens to be bypassed, which may also be possible, depending on whether there are more related vulnerabilities.

[Comment edited by Cyb on 21 May 2023 14:08]