KeePass Security Flaw Found
The vulnerability could potentially enable attackers to steal password lists.
"Researcher Benjamin Kunz Mejri of Vulnerability Lab said in an e-mail to Threatpost that he had discovered the hole in a software filter and validation feature in KeePass Password Manager up to and including v1.22," writes Threatpost's Paul Roberts. "If exploited, the hole would enable an attacker with access to a machine running the KeePass software to inject malicious script by passing the html/xml export feature a specially crafted file."
According to Kovacs, KeePass developer Dominik Reichl says the flaw will be patched with the release of version 1.23.