Yes, it has been fixed (1 - 2), and about two months earlier than planned.
Quote:
The vulnerability was assigned CVE-2023-32784 and fixed in KeePass 2.54. Thanks again to Dominik Reichl for his fast response and creative fix!
EDIT:
Quote:
Users of KeePass 1.x, Strongbox, or KeePassXC are not impacted by CVE-2023-32784 and, thus, do not need to migrate to a newer release. To fix the vulnerability, KeePass is now using a Windows API to set or retrieve data from text boxes, preventing the creation of managed strings that can potentially be dumped from memory. Reichl also introduced "dummy strings" with random characters into the memory of the KeePass process to make it harder to retrieve fragments of the password from memory and combine them into a valid master password. KeePass 2.54 also introduces other security enhancements, such as moving 'Triggers,' 'Global URL overrides,' and 'Password generator profiles' into the enforced configuration file, which provides additional security from attacks that modify the KeePass configuration file.
Source: BleepingComputer
Last edited by: The Exiled. 05.06.2023. at 18:15.