CVE-2016-5119

Sažetak

The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.

Reference

https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html
https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-01-2017 - 21:18

Objavljeno

23-01-2017 - 21:59