Was not sure if I should create a ticket for this, so i start here is the Discussion
I have been using Keepass 2.19 as portable(Key file and master password) on a USB stick for a long while now with no issues. Yesterday on launching the app. it gave the popup that it would check for a update and I clicked OK (as it mentioned no file would be installed or in fact downloaded)
I finished my session with the app and closed it. Later in the day I browsed again to my USB stick to launch the usual app.: Keepass.exe - now it had been renamed ! a concern for sure , but what really shocked me was that it had ben renamed to my master password(.exe) !!!!!!
Somewhat of a security issue I would imagine if in fact this was a genuine effect of the update check mentioned above.
The App. opened OK but the link to my database was gone. After re-establishing the link it works fine, just the App is named my master password!
Now I am a little conerned that I could of in fact been compromised in some way, since I would be shocked to think this could be intentional part of the update check?
The Password should be encrypted?,surely....how could this happen
Any advice greatly appreciated
In order to check for updates (if the option to do so is enabled), KeePass downloads a small version information file and compares the available version with the installed version. No personal information is sent to the KeePass web server. If the installed version is less than the available version, KeePass shows a message that an update is available.
The update check doesn't download or install any application files. It doesn't rename any files on your PC. You can verify this by looking into the source code (file 'KeePass/Util/UpdateCheckEx.cs').
I don't know what happened on your PC, but it definitely doesn't have anything to do with the update check. Furthermore, there is no code in KeePass that renames 'KeePass.exe' to something else; so the rename you observed must have been done by some other application.
Thanks for quick response.
The update check was the only significant thing i observed just before hand...not that I was convinced it was as a result of that.
Now i am even more concerned, I guess changing all my passwords in that database is the safest option
Any other comments from all are welcomed
It is possible you managed to pop up a rename window immediately before typing in your master password.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.