Floragasse 7 – 5th floor, 1040 Vienna

News

Exploiting KeePassRPC – SBA Student finds Vulnerability

While taking a university course on security, Philipp Danzinger discovered two critical related vulnerabilities in KeePassRPC, an addon for the popular password manager KeePass.

Both vulnerabilities allow a malicious web site to read and leak (unlocked) KeePass databases, while being very hard or impossible to detect, provided the KeePassRPC addon is installed. Shortly after being reported, the vulnerabilities were patched and publicly disclosed by the developer.

News coverage
heise.de
forum.kee