New Password Manager KeePass 2.34 fixes vulnerability

The vulnerability that allowed man-in-the-middle attacks on the popular KeePass password manager is reportedly set in the new KeePass 2.34 update.keepass 2

The attacker could successfully use the technique used by older versions of KeePass to check for new updates. The application did not verify the information that came from the KeePass server nor did it use a secure transport protocol to pass the update to the user's system.

So the attacker could manage the information and deliver a malicious copy of KeePass to the end user.

So it is currently recommended that you download the new version of KeePass 2.34 from the project website or from the links below and not automatically from your application.

The new KeePass 2.34 version fixes the issue of update checks by sending version information via HTTPS, and signing them digitally. So today it will accept only version information files that have a digital signature.

All KeePass executable files are signed, and it is quite easy to verify that the digital signature is correct. To verify the signature, open the KeePass directory on your system, right-click on any executable file, select Properties from the menu, and view the "digital signatures."

The signature should state "Open Source Developer, Dominik Reichl". If it does not mention it, delete the files immediately and scan your computer with a reliable antivirus.

Please note that the application is one of the few of its kind, as it stores the encrypted passwords locally rather than somewhere on the internet.

KeePass 2.34

Installer:

KeePass 2.34 (Installer EXE for Windows)

This package contains everything you need to use KeePass. Simply download the EXE file above, run it and follow the steps of the installation program. You need local installation rights (use the Portable version below, if you do not have these rights).

Portable:

Portable KeePass 2.34 (ZIP Package)
Download this ZIP package and unpack it to your favorite location (USB stick,…). KeePass runs without any additional installation and will not store any settings outside the application directory.

Supported operating systems:
Windows 98, 98, 2000, 2003,
Mono (Linux, Mac OS X, BSD,…).

Prerequisites:
Microsoft .NET Framework ≥ 2.0 (already included in Windows Vista and higher) or Mono ≥ 2.6.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).