Email or username:

Password:

Forgot your password?
Top-level
varjolintu

@juliank There's an API but it isn't exposed in a way that anyone could query something from it without user knowing about it. Plus it only works locally and is not exposed to outside world. Is these one of the features that are insecure in your opinion?

3 comments
Julian Andres Klode 🏳️‍🌈 replied to varjolintu

@varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser.

If you don't have the means to query the database from other processes the entire attack vector goes away.

i.e. keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption.

Julian Andres Klode 🏳️‍🌈 replied to Julian Andres Klode 🏳️‍🌈

@varjolintu Optimally I'd go a step further:

- make keepassxc open files using portals (it might already, I don't know)
- write an AppArmor profile that only allows r/w configuration files, and read access to /usr

Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else.

varjolintu replied to Julian Andres Klode 🏳️‍🌈

@juliank There are already a few PR's waiting for 2.8.0 that will reduce the possibility of such attacks. One is storing access related settings directly to a database instead of a config file. Another one allows restricting processes that can access the database. Revealing the entire database without user knowing it would be very difficult even now.

Are you concerned about the possible attack vectors on Bitwarden? With multiple dependencies, and as an Electron application it has its downsides.

Go Up