Post AWQAARaNifoYScmHSK by zloygik@social.mykolayiv.dcomm.net.ua
 (DIR) More posts by zloygik@social.mykolayiv.dcomm.net.ua
 (DIR) Post #AWQ75VDMV7T6P8xk36 by thenewoil@freeradical.zone
       2023-06-06T16:31:48Z
       
       0 likes, 1 repeats
       
       KeePass v2.54 fixes bug that leaked cleartext master passwordhttps://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-leaked-cleartext-master-password/
       
 (DIR) Post #AWQ9XyyhdN8yjOoWkC by adam@hax0rbana.social
       2023-06-06T16:59:25Z
       
       0 likes, 0 repeats
       
       @thenewoilCan application memory really be dumped on Windows without admin privs?I ask because keepass is not intended to be secure when used on an untrusted computer.On an untrusted computer, the attacker (who controls the O/S) can install a keylogger, see all clipboard activity, dump memory which if it doesn't contain the password, it will contain the key that is derived from the password.If you want protection against a malicious computer, get a hardware password manger like #Signet
       
 (DIR) Post #AWQ9tFgugrdmeBdRdg by adam@hax0rbana.social
       2023-06-06T17:03:16Z
       
       0 likes, 0 repeats
       
       @thenewoil The new version is going to be improved, and that's good, but if:1. a normal user couldn't get the password before the fix, and2. an admin user can still recover the decrypted contents after the fixthen I'm not even sure I'd call this a bug. It just seems like security hardening to me.  Like I said, that is good, but as a security expert, I think it's important to put these things into perspective.
       
 (DIR) Post #AWQAARaNifoYScmHSK by zloygik@social.mykolayiv.dcomm.net.ua
       2023-06-06T17:05:45Z
       
       0 likes, 0 repeats
       
       @thenewoil fixes bug that did WHAT?