The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
CPE | Name | Operator | Version |
---|---|---|---|
keepassrpc | eq | 1.11.0 | |
keepassrpc | eq | 1.7.3 | |
keepassrpc | eq | 1.8.0 | |
keepassrpc | eq | 1.9.0 | |
keepassrpc | eq | 1.10.0 |