cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
I store my passwords on a flash drive with KeepassXC. How about you compromise that server… Oh wait a minute, no server?
As long as your copy isn’t a trojan.
https://cybersecuritynews.com/hackers-weaponize-keepass-password-manager/
I got it from my system package manager. I didn’t download it from the web or anything. Sudo apt-get install keepassxc. I also use keepassDX on my phone, pulled from the fdroid repository.
So just get it from your repo.
Repos can get / have been hacked/malicious code injected.
So can anything. The article was about people getring compromised copies from malicious websites. The answer to that is to get it from a legirimate source, so if your comeback is the legirimate source can get compromised, the only answer is to not use the fucking internet. What the fuck do you want to hear?