Man-in-the-Middle Vulnerability in KeePass by KeePass Solutions
CVE-2016-5119

7.5 HIGH

Key Information:

Vendor: Keepass

CVE Published: 23 January 2017

What is CVE-2016-5119?

The automatic update feature in KeePass versions 2.33 and earlier is susceptible to man-in-the-middle attacks. This vulnerability allows an attacker to execute arbitrary code on the user's system by spoofing the version check response and providing a maliciously crafted update. Users are urged to disable automatic updates or upgrade to a patched version to mitigate the risk of exploitation.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
