Georg Merzdovnik

#14816of 53,633
18.2Total CVSS
Vulnerabilities · 2
Critical
2
PT-2020-14859
9.1
2020-08-03
Kee Vault · Kee Vault Keepassrpc · CVE-2020-16271
**Name of the Vulnerable Software and Affected Versions** Kee Vault KeePassRPC versions prior to 1.12.0 **Description** The issue concerns the SRP-6a implementation, which generates insufficiently random numbers. This allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. **Recommendations** For versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue.
PT-2020-14860
9.1
2020-08-03
Keepass · Keepassrpc · CVE-2020-16272
**Name of the Vulnerable Software and Affected Versions** KeePassRPC versions prior to 1.12.0 **Description** The issue concerns the SRP-6a implementation, which lacks validation for a client-provided parameter. This allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection. **Recommendations** For versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebSocket connection to minimize the risk of exploitation.