![]() ![]() Attackers could install a keylogger to get the master password, for instance. In other words, once someone has access to your device, this kind of XML exploit is unnecessary. However, the developers of KeePass have disputed the classification of the process as a vulnerability, since anyone who has write access to a device can get their hands on the password database using different (sometimes simpler) methods. ![]() The threat actor can then extract the exported database to a computer or server they control. Thanks to the changes made to the XML file, the process is all done automatically in the background, so users are not alerted that their database has been exported. ![]()
0 Comments
Leave a Reply. |