Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.
- CVE-2015-8359: DLL Preloading vulnerability on Windows
The version of Qt bundled with KeePassX 0.4.3 is vulnerable to a DLL preloading attack.
This vulnerability only affects KeePassX on Windows.
If successfully exploited, arbitrary code can be executed in the context of KeePassX.
KeePassX 0.4.4 ships with Qt 4.8.7 and employs additional hardening measures.
Thanks to Trenton Ivey from SecureWorks for reporting this vulnerability to us.
- CVE-2015-8378: Canceling XML export function creates export as “.xml” file
When canceling the “Export to > KeePassX XML file” function the cleartext passwords were still exported.
In this case the password database was exported as the file “.xml” in the current working directory (often $HOME or the directory of the database).
Originally reported as Debian bug #791858
KeePassX 0.4.4 fixes both vulnerabilities.
It is available as a source tarball and Windows / Mac OS X binaries: Download
The OS X bundle contains only a 64bit binary (compared to 0.4.3 which shipped as i386 and powerpc).
The fix for CVE-2015-8378 is also available as a patch: CVE-2015-8378.patch
We will still provide security support for the 0.4 series for some time but please consider updating to version 2.0 instead.
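To check whether a cancelled export has already left a cleartext “.xml” file behind (CVE-2015-8378), a script along these lines can be used; it is an added example and not part of the KeePassX advisory or code. It assumes a KeePassX XML export contains `<password>` elements, and the function names and scanned directories are illustrative.

```shell
#!/bin/sh
# Added example, not KeePassX code: look for the stray ".xml" file that
# CVE-2015-8378 leaves behind when an XML export is cancelled.

# check_dir DIR
# Returns 0 and prints one line if DIR holds a regular file named ".xml".
# Assumption: a real export contains <password> elements; anything else
# is reported as UNKNOWN so it still gets a manual look.
check_dir() {
    candidate="${1%/}/.xml"
    # Ignore symlinks so a link is never mistaken for a leftover export.
    [ -f "$candidate" ] && [ ! -L "$candidate" ] || return 1
    if grep -q '<password>' "$candidate" 2>/dev/null; then
        printf 'EXPORT %s\n' "$candidate"
    else
        printf 'UNKNOWN %s\n' "$candidate"
    fi
    return 0
}

# scan_dirs DIR...
# Checks every directory; exit status 0 means nothing was found.
scan_dirs() {
    hits=0
    for dir in "$@"; do
        if check_dir "$dir"; then
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# The advisory names $HOME and the database directory as the usual
# working directories; add the folder that holds your password database.
scan_dirs "$HOME" "$PWD" ||
    echo "Stray export found: rotate the exposed passwords and delete the file." >&2
```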
/src/lib/random.cpp
#include "random.h"
#include <— Add here
#if defined(Q_WS_X11) || defined(Q_WS_MAC)
#include
# make install
# keepassx
add this code
#include
KeePassX 0.4.4 fixes both vulnerabilities. Better than the instrument version. I enjoyed this update.
Nice find
Do you have estimated time for next version?
Nice find
Wonderful article, thanks for putting this together! This is obviously one great post.
My keypass seems to have disappeared. I had many, many passwords in it and they are all gone. What can I do to get them back, please?