CVE-2020-16271

CRITICAL

Kee Vault KeePassRPC <1.12.0 - Info Disclosure

Title source: llm

Description

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.

References (2)

[Vendor Advisory] https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040

[Exploit, Third Party Advisory] https://danzinger.wien/exploiting-keepassrpc/

Scores

CVSS v3 9.1

EPSS 0.0037

EPSS Percentile 59.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-330

Status published

Products (1)

kee/keepassrpc < 1.12.0

Published Aug 03, 2020

Tracked Since Feb 18, 2026