In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NKeepassxc
APPKeepassxc≤ 2.7.5
Related vulnerabilities
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via...
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords s...
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a...