Skip to main content

Keepassrpc

2 CVEs product

Monthly

CVE-2020-16272 CRITICAL POC Act Now

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Keepassrpc
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2020-16271 CRITICAL POC Act Now

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Keepassrpc
NVD
CVSS 3.1
9.1
EPSS
1.5%
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Keepassrpc
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Keepassrpc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy