KeePass Developer Prefers Money over Security

Password managers are a convenient way to create unique passwords for every site, and remember them without too much trouble. KeePass 2 is one of the prominent players in this market, but the developer is getting into contested waters. As it turns out, he refused to patch a security flaw as he would lose ad revenue otherwise.

KeePass Is Vulnerable To MiTM Attack

In this day and age of data breaches and consumers demanding more privacy, there is no room for error or personal gain. KeePass 2 developer Dominik Reichl would like to argue that point, however, as he wants to ensure the ad revenue of his password manager tool is not affected.Even a security flaw will not make him change his mind, which is quite worrying.

KeePass 2 has a security flaw in its update check, which leaves room for hackers to exploit this vulnerability. A man-in-the-middle attack could be executed to let users patch their client with a fake update. Doing so would give assailants access to the stored passwords in the client, and wreak havoc on a large scale.

Fixing this vulnerability would require an upgrade by Reichl, which would encrypt all web traffic. However, in doing so, he would potentially lose out on a significant amount of ad revenue, which is invaluable to smaller developers. Then again, when consumers stop using KeePass 2 due to this vulnerability, there is more at stake than just ad revenue.

Related Post

That being said, Reichl has indicated his plan to switch to encryption as soon as it is possible and financially feasible. Moreover, KeePass 2 users can always verify the integrity of the update they are downloading, which should mitigate the risk of a man-in-the-middle attack by a significant margin.

In the end, there seems to be a worrying trend in the world of software development. When creators value ad revenue over user security, things are evolving in the wrong direction. Security should always be the top priority as it will affect the entire business model. Knowingly exposing users to attack is not the right way to go.

Source: Engadget

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

6 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

6 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

6 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

6 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

6 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

9 hours ago