In the following, we will describe the OAuth weaknesses in detail. The identified weaknesses were mostly based on the incorrect use of the OAuth authorization framework and insufficient protection against Cross-Site Scripting (XSS). During the test, we identified a total of 6 weaknesses – three classified as High and three classified as Medium. We conducted the 10 man-days penetration test between the 16th March and 3rd April 2020. Second, it is a web application written in JavaScript and accesses cloud storage providers using OAuth. First, its security is crucial, given the fact it processes the user’s password databases. We selected KeeWeb because it was an excellent fit for our pro bono program. It allows users to open and sync their password databases stored locally or in a cloud storage. KeeWeb is both available as a web application and cross-platform native application. The pro bono program offers applicants the chance to be selected for a free high-quality penetration test with a total expense of 10 man-days.Īs the first candidate, we selected KeeWeb, which is a KeePass compatible password manager. For this reason, we created our pro bono program last September. If you're still stuck, I'll try my best to help via the support forum.By supporting non-commercial organizations and open-source applications, we want to increase their security. If you're trying to set up the link to KeePass and are having trouble, you're not alone and there is a lot of advice on how to get it working on a variety of computers. I hope that the introduction of Kee Vault will enable a lot more people to secure their online life but of course existing or new users are still welcome to use the desktop KeePass program for the secure storage of their passwords. The biggest challenge people faced using the add-on in recent years is the initial setup and configuration of the 3rd party KeePass password manager. Any existing data will not be affected but you are strongly advised to delete any stored passwords from your Firefox password store in order to increase the security of your personal data and to avoid possible confusion in future.Īfter the excitement of the Kee Vault and Kee version 3.0 announcement I thought it's about time I updated these notes.įor those that don't know the history of this extension, it's been around for over 10 years it always has and always will be about helping as many people as possible to securely manage the many passwords that are required for so many websites nowadays. The built-in Firefox password manager will no longer prompt you to save passwords after you install this add-on. We maintain a page on our website that details these permissions and why we require them. Kee needs a variety of permissions to deliver it's functionality to you. You should pay particular attention to the full detailed installation instructions, getting started tutorial and any advice at the top of that page. If you would like to try Kee and it is not working for you, please use the help resources at since requests for support within review comments will remain un-noticed for a year or longer. You can look forward to even more improvements this year and join the discussion on the community forum to let us know what features you'd most like to see developed next. Kee has been the most highly rated Mozilla Firefox password management extension for nearly 10 years! The extension used to be called KeeFox and we have recently changed our icon to coincide with the announcement of the Kee Vault password manager service. If you decide that's not for you, the add-on can instead work with the free KeePass Password Safe 2 software and we offer step by step instructions for how to install and configure that to work on your Windows machine (and it can also be made to work on Mac and Linux with a bit more effort, with multiple guides existing to help in that endeavour) This is available for a free trial period with no credit card required. Kee offers an easy and cheap password management solution via the Kee Vault service. Your passwords stay under your control, protected by the most popular and thoroughly tested open source secure password storage system.Protect your personal and financial data by letting Kee create and remember high security passwords for you.Secure and automatic sign in to all your favourite websites.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |