Security researchers have recently discovered a vulnerability in the Windows KeePass app that could allow attackers to obtain stored passwords in cleartext. The bug has been dubbed CVE-2023-24055.
The Strongbox app is not affected by this vulnerability. Which means that if you use Strongbox to work with your KeePass databases, then you’re protected.
The exploit is based on an attacker being able to edit a configuration file and set up a trigger that silently exports entries from the KeePass database. Strongbox is architected so that configuration files can not be edited by an attacker in this manner.
Nov 3, 2023