this post was submitted on 20 Jun 2023
14 points (93.8% liked)
Free and Open Source Software
17949 readers
45 users here now
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's a denial of service vulnerability. Requiring the existing master password to change the master password will stop a drive by miscreant denying you access to your db. And password change system I've ever used has required the existing password to he entered first.
Likewise a full db export feel like a big enough deal to require authorization.
If you're careful and lock your machine when you leave it then you should be pretty safe. I'm surprised these aren't already features.
They could just delete the file to deny you access to your db?
Yeah, that's fair. But a full db export that they could then email themselves. It'd be nice to have some more protection against that. Or Change the master password and email the encrypted file to themselves.