First penetration test of KeeWeb

Published on April 18, 2020 by Dimitri Witkowski
Admin

I'm pleased to announce that KeeWeb has been audited for vulnerabilities by Hackmanit, who generously provided their service for free.

All the vulnerabilities found by them have been patched and the release is already rolled out.

The full report will be revealed in June; meanwhile, here's a summary of the main weaknesses:

  • authentication on cloud storage providers was not following the latest OAuth security guidelines;
  • there were a number of vulnerabilities in opening untrusted kdbx files.

The latest release can be found here: https://github.com/keeweb/keeweb/releases/latest.