Lucene search

[email protected]CVE-2023-35866

HistoryJun 19, 2023 - 6:15 a.m.

CVE-2023-35866

2023-06-1906:15:09

[email protected]

web.nvd.nist.gov

197

keepassxc

cve-2023-35866

security

authentication

vulnerability

local attacker

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor’s position is “asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker.”

Affected configurations

NVD

Node

keepassxckeepassxcRange≤2.7.5

CPENameOperatorVersion
keepassxc:keepassxckeepassxcle2.7.5

CPE	Name	Operator	Version
keepassxc:keepassxc	keepassxc	le	2.7.5

References

github.com/keepassxreboot/keepassxc/issues/9339

github.com/keepassxreboot/keepassxc/issues/9339#issuecomment-1598219482

github.com/keepassxreboot/keepassxc/issues/9391

keepassxc.org/docs/#faq-yubikey-2fa

medium.com/%40cybercitizen.tech/keepassxc-vulnerability-cve-2023-35866-dc7d447c4903

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-35866

prion1 alpinelinux1 cvelist1 ubuntucve1 nvd1