ALT-PU-2025-10306-2

Package update keepassxc in branch c10f2

Version2.7.10-alt3

Published2025-08-13

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.5

Уязвимость компонента Setting Handler менеджера паролей KeePassXC, позволяющая нарушителю обойти существующие ограничения безопасности

Published: 2024-04-02

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:C/A:N

References

CVE-2023-35866

MEDIUM5.5

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."

Published: 2023-06-19Modified: 2024-12-11

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Closed bugs (2)

Нужно добавить интеграцию с Chromium-Gost

keepassxc не предоставляет возможность использовать yubikey для усиления парольной защиты