Password Safe Local Insecure Idle Timeout Lock Vulnerability

Password Safe Local Insecure Idle Timeout Lock Vulnerability

Password Safe is prone to a vulnerability that may result in information disclosure. This issue is due to a flaw in the implementation of the inactivity timer, which is designed to lock the database when it is not in use.

This issue may allow local attackers to gain access to the contents of the Password Safe database, since the database-locking feature may not function correctly under certain circumstances.

Versions 2.11, 2.16, and 3.0 beta 1 are vulnerable to this issue. Other versions may also be affected.