[email protected] - BSI warnt vor KeePassXC-Schwachstellen
Das BSI warnt vor Schwachstellen im Passwort-Manager KeePassXC. Angreifer können Dateien oder das Master-Passwort ohne Authentifzierungsrückfrage manipulieren.
[The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without authentication confirmation.]
Lock the pc, if you leave and lock the db, if pc is locked, lid is closed and this is absolute a non-issue.
German BSI is sometimes a little bit over motivated ;-)
You don’t even need to lock the pc, locking the db is sufficient. The issue allows changing the settings on unlocked databases without needing to re-confirm (at least according to the article).