KeePass is offered in two different versions for Windows, KeePass 2.x and KeePass 1.x, which offer different functionality. In other words, KeePass 2.x is not an update of KeePass 1.x: KeePass 2.x offers features that version 1.x of the software does not support.

This post is about a man-in-the-middle (MITM) vulnerability in KeePass 2's automatic update check. KeePass, the free and open source password manager, uses unencrypted HTTP requests to check for new software versions in all versions up to the current 2.33. An attacker can abuse KeePass 2's recommended automatic update check, if enabled, to "release" a new version and redirect the user to a malicious download page.