KeePassXC-Browser のレビュー
KeePassXC-Browser 作成者: KeePassXC Team
aWalker によるレビュー
It's really a convenience to use this add-on with KeePassXC. But, there been an issue that has been raised several months back :
In my case
Firefox 83
KeePassXC-Browser 1.7.3
Ubuntu 20.04 LTS
`keepassxc-proxy` makes tcp connections to remote servers over internet & transfers data(with 36+ KB/s speed) without user permission under Linux root privileges.
tcp 0 0 192.168.42.245:52470 117.18.237.29:80 ESTABLISHED 20559/keepassxc-pro
tcp 0 392 192.168.42.245:34738 209.216.230.240:443 ESTABLISHED 20225/keepassxc-pro
tcp 1 0 192.168.42.245:49194 172.67.146.206:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:53060 104.20.214.50:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:60362 172.67.153.104:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 25 0 192.168.42.245:39074 151.101.113.137:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 7890 0 192.168.42.245:34738 209.216.230.240:443 CLOSE_WAIT 20225/keepassxc-pro
simple ip2location domain :
104.20.214.50 .... CloudFlare Inc.
117.18.237.29 .... edgecast.com
151.101.113.137 .. fastly.com
172.67.146.206 ... CloudFlare Inc.
172.67.153.104 ... CloudFlare Inc.
209.216.230.240 .. M5 Computer Security
I tried several times, had to lock password-DB out of fear.
This bug/issue is not addressed by Firefox, claim KeePassXC team on their issue-tracker-logs.
I'm in a limbo, is Firefox breaching user privacy without their knowledge; what data is being transferred to remote servers by keepassxc-proxy?
Should I abandon Firefox; isn't it the most secure (or configurable) browser out there?
Should I change passwords of hundreds of accounts now?
I'm using AutoTyping where ever it's possible & often wished they had auto-type separately for Username & Password; you know for pages like firefox or google account logins.
cheers
In my case
Firefox 83
KeePassXC-Browser 1.7.3
Ubuntu 20.04 LTS
`keepassxc-proxy` makes tcp connections to remote servers over internet & transfers data(with 36+ KB/s speed) without user permission under Linux root privileges.
tcp 0 0 192.168.42.245:52470 117.18.237.29:80 ESTABLISHED 20559/keepassxc-pro
tcp 0 392 192.168.42.245:34738 209.216.230.240:443 ESTABLISHED 20225/keepassxc-pro
tcp 1 0 192.168.42.245:49194 172.67.146.206:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:53060 104.20.214.50:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:60362 172.67.153.104:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 25 0 192.168.42.245:39074 151.101.113.137:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 7890 0 192.168.42.245:34738 209.216.230.240:443 CLOSE_WAIT 20225/keepassxc-pro
simple ip2location domain :
104.20.214.50 .... CloudFlare Inc.
117.18.237.29 .... edgecast.com
151.101.113.137 .. fastly.com
172.67.146.206 ... CloudFlare Inc.
172.67.153.104 ... CloudFlare Inc.
209.216.230.240 .. M5 Computer Security
I tried several times, had to lock password-DB out of fear.
This bug/issue is not addressed by Firefox, claim KeePassXC team on their issue-tracker-logs.
I'm in a limbo, is Firefox breaching user privacy without their knowledge; what data is being transferred to remote servers by keepassxc-proxy?
Should I abandon Firefox; isn't it the most secure (or configurable) browser out there?
Should I change passwords of hundreds of accounts now?
I'm using AutoTyping where ever it's possible & often wished they had auto-type separately for Username & Password; you know for pages like firefox or google account logins.
cheers
開発者の返信
投稿日時: 5年前This is not the first time the issues rises its head from the depths.
Here's the KeePassXC-Browser issue: https://github.com/keepassxreboot/keepassxc-browser/issues/100
And here's the Mozilla one: https://bugzilla.mozilla.org/show_bug.cgi?id=1463873
Again: this is a Firefox bug. If you look the connections keepassxc-proxy makes with Chromium-based browsers, you'll see none.
And to clarify: keepassxc-proxy does not make any connections. These are file descriptors that are leaking from the parent process (Firefox).
Here's the KeePassXC-Browser issue: https://github.com/keepassxreboot/keepassxc-browser/issues/100
And here's the Mozilla one: https://bugzilla.mozilla.org/show_bug.cgi?id=1463873
Again: this is a Firefox bug. If you look the connections keepassxc-proxy makes with Chromium-based browsers, you'll see none.
And to clarify: keepassxc-proxy does not make any connections. These are file descriptors that are leaking from the parent process (Firefox).
合計レビュー数: 726
- 5 段階中 5 の評価Firefox ユーザー 16478816 によるレビュー (11時間前)
- 5 段階中 5 の評価Ryan Steed によるレビュー (3日前)
- 5 段階中 5 の評価Firefox ユーザー 19642928 によるレビュー (4日前)
- 5 段階中 4 の評価Enunciate_Veggie によるレビュー (6日前)
- 5 段階中 5 の評価Firefox ユーザー 13447327 によるレビュー (15日前)
- 5 段階中 5 の評価Thrillhouse によるレビュー (1ヶ月前)
- Currently completely broken with more restrictive privacy configurations due to a bug (#2672) that was reported over two months ago and patched over a month ago - and still not released.
I would have thought show stopping bugs would be worth a point release, but apparently not.開発者の返信
投稿日時: 1ヶ月前Dear FartPie (love the nick btw), we've been collecting a bunch of various fixes and new features for the release, and it will be published soon. The bug you mentioned was not really high-priority, and not affecting many people so it didn't require a separate hotfix release. - 5 段階中 5 の評価Firefox ユーザー 18499562 によるレビュー (2ヶ月前)
- 5 段階中 5 の評価Ender Dobra によるレビュー (2ヶ月前)
- 5 段階中 5 の評価Lilith D. Bracken によるレビュー (2ヶ月前)KeePassXC-Browser is a great companion for the KeePassXC password manager. It makes filling in passwords and logging into sites quick and secure, without having to copy and paste manually. The integration is smooth, easy to use, and keeps your credentials safe. Perfect for anyone who wants strong password management right in the browser.
- 5 段階中 1 の評価Firefox ユーザー 19484545 によるレビュー (3ヶ月前)All of a sudden the connection between the extension and the app has broken and the extension doesn't function in any useful way. I'm surmising it's something to do with an update to Firefox to version 143.0.
- 5 段階中 5 の評価Aquiles Vaesa によるレビュー (4ヶ月前)
- 5 段階中 5 の評価Firefox ユーザー 17451381 によるレビュー (4ヶ月前)
- 5 段階中 4 の評価late night traveler によるレビュー (4ヶ月前)After updating to 1.9.9.3, some sites (such as Reddit) can no longer detect the login field. I'm in trouble.
開発者の返信
投稿日時: 4ヶ月前This happened because of better protections against clickjacking introduced in 1.9.9.3. The issue with e.g. Reddit is already fixed, and we are doing another release soon. Thanks :)