Security News > 2016 > June > KeePass update check MitM flaw can lead to malicious downloads (Help Net Security)
Open source password manager KeePass has a MitM vulnerability that could allow attackers to trick users into downloading malware disguised as a software update, security researcher Florian Bogner warns. All versions of KeePass, including the latest, are vulnerable. The team developing the software is aware of the flaw (CVE-2016-5119) but currently has no intention of fixing it. “KeePass 2’s automatic update check uses HTTP to request the current version information,” Bogner found. “An …”
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/OkVj3KwiFN8/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-5119 | Improper Input Validation vulnerability in KeePass: the automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | 7.5 |
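The summary and the CVE entry above both describe the same mechanism: the client asks for version information over plaintext HTTP, so anyone on the path can answer with a higher version number and a download link of their choosing. The following Python simulation is an added example, not KeePass's code and not Bogner's proof of concept. It models the vulnerable check beside a hardened one that (a) requests the metadata over HTTPS, (b) verifies a signature over the metadata before parsing it, (c) only accepts download URLs on the vendor's own HTTPS origin, and (d) compares versions numerically. The `product:version:url` line layout, the `keepass.info` URLs, the `version2x.txt` file name and the `sig:` trailer are assumptions for the demo; the real KeePass version-file format is not reproduced. HMAC with a shared key stands in for the public-key signature a real client would verify with an embedded vendor key; the only property the demo relies on is that the attacker cannot produce a valid tag.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample data. The real KeePass version-file layout and signing scheme
# are NOT reproduced; the "product:version:download-url" line is an assumption.
GENUINE_VERSION_FILE = b"KeePass:2.33:https://keepass.info/download/KeePass-2.33-Setup.exe\n"
SPOOFED_VERSION_FILE = b"KeePass:9.99:http://evil.example/KeePass-9.99-Setup.exe\n"
VENDOR_HOSTS = {"keepass.info"}
# Hypothetical key. HMAC with a shared secret stands in for the vendor's public-key
# signature (Ed25519/RSA with the public key compiled into the client); the attacker
# is assumed not to hold it, which is the property that matters for the demo.
SIGNING_KEY = b"demo-vendor-signing-key"


class UpdateRejected(Exception):
    """Raised when update metadata fails authentication or policy checks."""


def parse_version(text):
    """'2.33' -> (2, 33). Numeric compare, so '2.33' > '2.9' (string compare gets this wrong)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("malformed version: %r" % text)
    return tuple(int(p) for p in parts)


def parse_version_line(line):
    """Split 'product:version:url'; the URL itself contains ':' so split at most twice."""
    product, version, url = line.decode("ascii").strip().split(":", 2)
    return product, parse_version(version), url


def sign_version_file(body, key):
    """Vendor side: append a tag over the metadata (stand-in for a detached signature)."""
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"sig:" + tag + b"\n"


def verify_version_file(signed, key):
    """Client side: return the authenticated body or raise. Missing and altered tags both fail."""
    body, marker, tag = signed.rpartition(b"sig:")
    if not marker:
        raise UpdateRejected("version file carries no signature")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    if not hmac.compare_digest(expected, tag.strip()):
        raise UpdateRejected("version file signature does not verify")
    return body


def honest_fetch(url):
    """Stand-in for the real HTTP round-trip: the vendor's genuine, signed metadata."""
    return sign_version_file(GENUINE_VERSION_FILE, SIGNING_KEY)


def mitm_fetch(url):
    """On-path attacker rewriting a plaintext HTTP response (or a compromised mirror):
    advertises a newer version and points the download at an attacker-controlled host."""
    return SPOOFED_VERSION_FILE


def check_for_update_insecure(fetch, current):
    """The CVE-2016-5119 pattern: plaintext request, first line of the reply trusted as-is."""
    first_line = fetch("http://keepass.info/update/version2x.txt").splitlines()[0]
    _product, latest, url = parse_version_line(first_line)
    return url if latest > parse_version(current) else None


def check_for_update_hardened(fetch, current, key=SIGNING_KEY):
    """TLS for the metadata request, signature over the metadata, download pinned to an
    HTTPS URL on the vendor's own hosts, and a numeric version comparison."""
    signed = fetch("https://keepass.info/update/version2x.txt")
    body = verify_version_file(signed, key)
    _product, latest, url = parse_version_line(body.splitlines()[0])
    target = urlparse(url)
    if target.scheme != "https" or target.hostname not in VENDOR_HOSTS:
        raise UpdateRejected("download URL is off the vendor origin: %s" % url)
    return url if latest > parse_version(current) else None


def update_decision(fetch, current):
    """Wrapper that turns a rejection into a value so callers can log it."""
    try:
        return ("ok", check_for_update_hardened(fetch, current))
    except UpdateRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print("insecure, honest server :", check_for_update_insecure(honest_fetch, "2.32"))
    print("insecure, MitM          :", check_for_update_insecure(mitm_fetch, "2.33"))
    print("hardened, honest server :", update_decision(honest_fetch, "2.32"))
    print("hardened, MitM          :", update_decision(mitm_fetch, "2.33"))
```

With the spoofed reply the insecure client happily returns the attacker's `http://evil.example/...` installer URL, while the hardened client rejects it before the version is even compared. Note that the checks are layered on purpose: a spoofed file that the attacker manages to get signed (for example via a compromised mirror that also leaks a signing key) still fails the origin check, and a genuine signed file whose version line is edited in transit fails the signature check. In a real client the metadata signature should be a public-key signature verified against a key shipped with the binary, and the downloaded installer itself should be signed and verified too; transport security alone only protects the hop between client and server.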