KeePassRPC exploit question


Many thanks to those that discovered and promptly fixed the recent exploit for the KeePassRPC.

Does anyone know if the exploit would have allowed access to all passwords in the database, or only those in the Kee home group?

I have always had the Kee home group set to a group of less sensitive passwords so it’d be great to know if only those might have been accessed!

Many thanks, Chris

Hi Chris,

In the announcement luckyrat wrote

Successfully exploiting either vulnerability results in an attacker gaining access to all passwords in any open KeePass databases.

So, I’m pretty sure that means “all” :frowning_face:

Sorry for the confusion.

Only those in the Kee home group of each open database could have been accessed.

For many people this is the same as “all” so I did not elaborate on this detail in the announcement yesterday. I will update the announcement topic shortly to attempt to clarify this point without undermining the urgency of the message.

The announcement has now been updated. Please read it since there are some caveats to my statement in this topic an hour ago.

A post was split to a new topic: KeePassRPC vulnerability age