Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QUESTION] Potential Security Risk with AutoOpen URLs Containing Cleartext Credentials? #2608

Open
DennisK90 opened this issue May 26, 2024 · 0 comments
Open

[QUESTION] Potential Security Risk with AutoOpen URLs Containing Cleartext Credentials? #2608

DennisK90 opened this issue May 26, 2024 · 0 comments
Labels
question

Comments

@DennisK90
Copy link

Version: 1.10-pre

I am using Keepass2Android and generally find it very useful. However, I have a concern regarding the AutoOpen feature. When I create a child database and link it via WebDAV, the AutoOpen entry in the parent database contains the URL to the child database with the username and password in cleartext.

Does the presence of cleartext credentials in the URL pose a security risk when Keepass2Android establishes the connection to the child database? Specifically, I am worried about potential vulnerabilities during the transmission or storage of these credentials.

Thanks for any Help!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DennisK90