2 matches found
CVE-2020-16271
Kee Vault KeePassRPC (SRP-6a) before version 1.12.0 uses a weak random-number generator, enabling remote attackers to read and modify KeePass data over WebSocket. Affected component: SRP-6a implementation; impact is data confidentiality and integrity. Remediation: upgrade to KeePassRPC 1.12.0 or ...
CVE-2020-16272
The CVE-2020-16272 entry concerns Kee Vault KeePassRPC prior to 1.12.0. The SRP-6a implementation lacks validation of a client-provided parameter, enabling remote attackers over a WebSocket (A=0) connection to read and modify data in the KeePass database. Multiple sources (NVD entry, Red Hat advi...