Independent security audit: Complete!
Good news, everyone!
KeePassium successfully passed a security audit by Cure53, a reputable German cybersecurity firm.
For many years, you asked us for an independent audit of the app. We kept refusing the idea: audits are expensive, they check only one version, and you cannot verify that the reviewed app is the same as the published one. In short, audits won’t protect you from malicious developers. But even honest developers can miss security vulnerabilities or accidentally introduce them.
So we reached out to Cure53 — a well-known firm specializing in pentests and security audits. You will find quite a few big-name clients listed on their home page.
Three senior experts spent ten days analyzing KeePassium’s “cryptographic implementations, authentication mechanisms, data storage practices, network communications, and user interface, for potential vulnerabilities.” They had the full source code of KeePassium v1.53 and could run it in a debugger in a controlled environment.
Findings
The experts found three vulnerabilities:
- No strength checks on unlock passcode or passphrase (High)
- Favicon fetch exposes account list to traffic analysis (Low)
- Self-DoS through unreasonable key derivation settings (Low)
Strength checks
The highest-priority issue was that KeePassium silently allowed setting a weak app/database password. Our rationale was that KeePassium power users know what they are doing; if you want a one-letter password, that’s up to you. However, beginner users might choose a weak master password only because of limited knowledge. So from now on, KeePassium will warn people who try to set a weak app/database password.
Favicon download
The second issue was related to the favicon download tool. This feature makes KeePassium download a favicon from every website in your database, without so much as a warning. In a monitored or open network, an interested observer could thus learn the websites where you have accounts. A possible solution is to download favicons via a third-party service (like Google) — but that would expose the same website list to that service. So instead KeePassium will inform you about the risk and let you decide when your network is safe to use.
Encryption settings
Finally, KeePassium did not sanity-check the database encryption settings. An inexperienced user could undermine their database by setting encryption parameters that are either too weak or so aggressive that the database can no longer be opened on their device. From now on, KeePassium will warn users who choose extreme database encryption settings.
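As an added illustration (example code, not KeePassium's own), here is a sanity check of KDBX key-derivation settings of the kind described above: it flags Argon2 and AES-KDF parameters that are too weak, and ones so aggressive that unlocking would exhaust memory or take minutes (the self-DoS case). The numeric bounds are assumptions chosen for the example, not KeePassium's actual thresholds.

```python
from dataclasses import dataclass
from typing import List

MIB = 1024 * 1024

# Bounds below are this example's own assumptions, not KeePassium's actual thresholds.
ARGON2_MEMORY_MIN, ARGON2_MEMORY_MAX = 8 * MIB, 1024 * MIB   # below: weak; above: likely OOM on a phone
ARGON2_PASSES_MIN, ARGON2_PASSES_MAX = 2, 200                # below: weak; above: minutes per unlock
ARGON2_LANES_MAX = 16
AESKDF_ROUNDS_MIN, AESKDF_ROUNDS_MAX = 100_000, 500_000_000


@dataclass
class KdfParams:
    kdf: str              # "argon2d", "argon2id" or "aes-kdf"
    iterations: int       # Argon2 passes, or AES-KDF transform rounds
    memory: int = 0       # Argon2 only, in bytes
    parallelism: int = 1  # Argon2 only


def check_kdf_params(p: KdfParams) -> List[str]:
    """Return warnings for KDF settings that are too weak or would self-DoS the device.
    An empty list means the settings are within the assumed sane range."""
    warnings: List[str] = []
    if p.kdf in ("argon2d", "argon2id"):
        if p.memory < ARGON2_MEMORY_MIN:
            warnings.append(f"too weak: Argon2 memory {p.memory // MIB} MiB is below {ARGON2_MEMORY_MIN // MIB} MiB")
        elif p.memory > ARGON2_MEMORY_MAX:
            warnings.append(f"too aggressive: Argon2 memory {p.memory // MIB} MiB may exhaust device RAM and make the database impossible to open")
        if p.iterations < ARGON2_PASSES_MIN:
            warnings.append(f"too weak: {p.iterations} Argon2 passes is below {ARGON2_PASSES_MIN}")
        elif p.iterations > ARGON2_PASSES_MAX:
            warnings.append(f"too aggressive: {p.iterations} Argon2 passes may take minutes per unlock")
        if not 1 <= p.parallelism <= ARGON2_LANES_MAX:
            warnings.append(f"invalid: Argon2 parallelism must be between 1 and {ARGON2_LANES_MAX}")
    elif p.kdf == "aes-kdf":
        warnings.append("legacy: AES-KDF is kept for compatibility only; Argon2 is recommended")
        if p.iterations < AESKDF_ROUNDS_MIN:
            warnings.append(f"too weak: {p.iterations} AES-KDF rounds is below {AESKDF_ROUNDS_MIN}")
        elif p.iterations > AESKDF_ROUNDS_MAX:
            warnings.append(f"too aggressive: {p.iterations} AES-KDF rounds may take minutes per unlock")
    else:
        raise ValueError(f"unknown KDF: {p.kdf}")
    return warnings


if __name__ == "__main__":
    # Constructed sample settings: a sane Argon2 profile, a weak one, and a self-DoS one.
    for sample in (KdfParams("argon2id", 2, 64 * MIB, 2), KdfParams("argon2d", 1, 1 * MIB, 2), KdfParams("argon2d", 2, 4096 * MIB, 2)):
        print(sample, check_kdf_params(sample) or ["ok"])
```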
Summary
All the issues had a common theme: the app did not provide enough feedback for an informed choice. All three were fixed by more informative messaging. Power users can still choose to ignore the warnings: your data, your choice.
Full report: KeePassium audit report by Cure53 (October 2024)
P.S. The experts also outlined several weaknesses of the AES-KDF algorithm (used by default in KDB and KDBX3 database formats). KeePassium supports this algorithm only for compatibility with older databases. If you waited for a good reason to switch to Argon2 — here it is.