KeePass update check MitM flaw can lead to malicious downloads

Discussion in 'Help Net Security' started by RSS, Jun 2, 2016.

  1. RSS

    Open source password manager KeePass sports a MitM vulnerability that could allow attackers to trick users into downloading malware disguised as a software update, security researcher Florian Bogner warns. All versions of KeePass, including the latest, are vulnerable. The team developing the software is aware of the flaw (CVE-2016-5119), but they currently have no intention of fixing it. “KeePass 2’s automatic update check uses HTTP to request the current version information,” Bogner has discovered. “An …
