vdohney

^^ Was just about to recommend Veracrypt.

Correct, full disk encryption makes it a lot harder for someone to exploit this. Even if your computer is stolen, there's not much an attacker can do.

Yes, that is correct. Your database file alone without anything else isn't enough.

Yes, that is correct. Your databas file alone without anything else isn't enough.

SecureTextBoxEx is a class used only in KeePass, it's part of the code. Windows.Forms.TextBox is a class in .NET Windows Forms. There are other UI frameworks, like WPF, that have dedicated password boxes (e.g. PasswordBox). There are also many other programming languages and UI frameworks that may or may not have the same issue. This particular behavior isn't related to the OS, but rather .NET CLR (Mono on Linux/macOS).

I see... In that case, I'd like to apologize to Dominik and everyone else for the problems caused. This wasn't the best way to handle it. I got confused by the previous statement on the contact page, saying that I shouldn't send anything KeePass-related to the email and it will be ignored.

I see... In that case, I'd like to apologize for the problems caused. This wasn't the best way to handle it. I got confused by the previous statement on the contact page, saying that I shouldn't send anything KeePass-related to the email and it will be ignored.

When the issue was already desribed publicly, anyone could have made their PoC for themselves with a few lines of code (see the PoC). I think that at that point, it is right to release it so that you can test if you are vulnerable or not.