Mike Yates

This is a newish vulnerability of the Android Webview component, so cannot be fixed by Keepass developers. However, it impacts the reputation of Keepass, so should be discussed here. This is a continuation of the thread "How to secure my database from unwanted access?"

I have started a new thread: 'Danger from "Autospill"?'

This is a newish vulnerability of the Android Webview component, so cannot be fixed by Keepass developers. However, it impacts Keepass the reputation of Keepass, so should be discussed here. This is a continuation of the thread "How to secure my database from unwanted access?"

When I said Google would fix this, I meant the vulnerability is in the Android Webview component. However, it seriously affects the reputation of Keepass, so users should be reasured, as you did, Paul, although a replication is not, as I understand it, required to exploit it. Sorry Bruce, this seemed the most relevant subject.

Correction: it does list Keepass2 1.09 as affected:- The researchers tested various password managers across Android 10, 11 and 12. They found that popular services such as 1Password 7.9.4, LastPass 5.11.0.9519, Enpass 6.8.2.666, Keeper 16.4.3.1048, and Keepass2Android 1.09c-r0 are susceptible to AutoSpill attacks, due to their use of Android's autofill framework. I suppose we'll have to wait for Google Android to fix it?

What news on "AutoSpill" - the Android vulnerability to all password managers? I've just read about it here - it doesn't mention Keepass as either affected or not. https://www.computing.co.uk/news/4155064/android-password-managers-vulnerable-autospill-attack-researchers-warn