KeePassXC-Browser 的評論
KeePassXC-Browser 作者: KeePassXC Team
aWalker 所留下的評論
It's really a convenience to use this add-on with KeePassXC. But, there been an issue that has been raised several months back :
In my case
Firefox 83
KeePassXC-Browser 1.7.3
Ubuntu 20.04 LTS
`keepassxc-proxy` makes tcp connections to remote servers over internet & transfers data(with 36+ KB/s speed) without user permission under Linux root privileges.
tcp 0 0 192.168.42.245:52470 117.18.237.29:80 ESTABLISHED 20559/keepassxc-pro
tcp 0 392 192.168.42.245:34738 209.216.230.240:443 ESTABLISHED 20225/keepassxc-pro
tcp 1 0 192.168.42.245:49194 172.67.146.206:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:53060 104.20.214.50:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:60362 172.67.153.104:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 25 0 192.168.42.245:39074 151.101.113.137:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 7890 0 192.168.42.245:34738 209.216.230.240:443 CLOSE_WAIT 20225/keepassxc-pro
simple ip2location domain :
104.20.214.50 .... CloudFlare Inc.
117.18.237.29 .... edgecast.com
151.101.113.137 .. fastly.com
172.67.146.206 ... CloudFlare Inc.
172.67.153.104 ... CloudFlare Inc.
209.216.230.240 .. M5 Computer Security
I tried several times, had to lock password-DB out of fear.
This bug/issue is not addressed by Firefox, claim KeePassXC team on their issue-tracker-logs.
I'm in a limbo, is Firefox breaching user privacy without their knowledge; what data is being transferred to remote servers by keepassxc-proxy?
Should I abandon Firefox; isn't it the most secure (or configurable) browser out there?
Should I change passwords of hundreds of accounts now?
I'm using AutoTyping where ever it's possible & often wished they had auto-type separately for Username & Password; you know for pages like firefox or google account logins.
cheers
In my case
Firefox 83
KeePassXC-Browser 1.7.3
Ubuntu 20.04 LTS
`keepassxc-proxy` makes tcp connections to remote servers over internet & transfers data(with 36+ KB/s speed) without user permission under Linux root privileges.
tcp 0 0 192.168.42.245:52470 117.18.237.29:80 ESTABLISHED 20559/keepassxc-pro
tcp 0 392 192.168.42.245:34738 209.216.230.240:443 ESTABLISHED 20225/keepassxc-pro
tcp 1 0 192.168.42.245:49194 172.67.146.206:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:53060 104.20.214.50:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 1 0 192.168.42.245:60362 172.67.153.104:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 25 0 192.168.42.245:39074 151.101.113.137:443 CLOSE_WAIT 20225/keepassxc-pro
tcp 7890 0 192.168.42.245:34738 209.216.230.240:443 CLOSE_WAIT 20225/keepassxc-pro
simple ip2location domain :
104.20.214.50 .... CloudFlare Inc.
117.18.237.29 .... edgecast.com
151.101.113.137 .. fastly.com
172.67.146.206 ... CloudFlare Inc.
172.67.153.104 ... CloudFlare Inc.
209.216.230.240 .. M5 Computer Security
I tried several times, had to lock password-DB out of fear.
This bug/issue is not addressed by Firefox, claim KeePassXC team on their issue-tracker-logs.
I'm in a limbo, is Firefox breaching user privacy without their knowledge; what data is being transferred to remote servers by keepassxc-proxy?
Should I abandon Firefox; isn't it the most secure (or configurable) browser out there?
Should I change passwords of hundreds of accounts now?
I'm using AutoTyping where ever it's possible & often wished they had auto-type separately for Username & Password; you know for pages like firefox or google account logins.
cheers
開發者回應
張貼於 5 年前This is not the first time the issues rises its head from the depths.
Here's the KeePassXC-Browser issue: https://github.com/keepassxreboot/keepassxc-browser/issues/100
And here's the Mozilla one: https://bugzilla.mozilla.org/show_bug.cgi?id=1463873
Again: this is a Firefox bug. If you look the connections keepassxc-proxy makes with Chromium-based browsers, you'll see none.
And to clarify: keepassxc-proxy does not make any connections. These are file descriptors that are leaking from the parent process (Firefox).
Here's the KeePassXC-Browser issue: https://github.com/keepassxreboot/keepassxc-browser/issues/100
And here's the Mozilla one: https://bugzilla.mozilla.org/show_bug.cgi?id=1463873
Again: this is a Firefox bug. If you look the connections keepassxc-proxy makes with Chromium-based browsers, you'll see none.
And to clarify: keepassxc-proxy does not make any connections. These are file descriptors that are leaking from the parent process (Firefox).
727 筆評論
- 評價 5 分,滿分 5 分來自 Firefox 使用者 16478816,10 天前
- 評價 5 分,滿分 5 分來自 Ryan Steed,12 天前
- 評價 5 分,滿分 5 分來自 Firefox 使用者 19642928,13 天前
- 評價 4 分,滿分 5 分來自 Enunciate_Veggie,15 天前
- 評價 5 分,滿分 5 分來自 Firefox 使用者 13447327,24 天前
- 評價 5 分,滿分 5 分來自 Thrillhouse,1 個月前
- Currently completely broken with more restrictive privacy configurations due to a bug (#2672) that was reported over two months ago and patched over a month ago - and still not released.
I would have thought show stopping bugs would be worth a point release, but apparently not.開發者回應
張貼於 2 個月前Dear FartPie (love the nick btw), we've been collecting a bunch of various fixes and new features for the release, and it will be published soon. The bug you mentioned was not really high-priority, and not affecting many people so it didn't require a separate hotfix release. - 評價 5 分,滿分 5 分來自 Firefox 使用者 18499562,3 個月前
- 評價 5 分,滿分 5 分來自 Ender Dobra,3 個月前
- 評價 5 分,滿分 5 分來自 Lilith D. Bracken,3 個月前KeePassXC-Browser is a great companion for the KeePassXC password manager. It makes filling in passwords and logging into sites quick and secure, without having to copy and paste manually. The integration is smooth, easy to use, and keeps your credentials safe. Perfect for anyone who wants strong password management right in the browser.
- 評價 1 分,滿分 5 分來自 Firefox 使用者 19484545,3 個月前All of a sudden the connection between the extension and the app has broken and the extension doesn't function in any useful way. I'm surmising it's something to do with an update to Firefox to version 143.0.
- 評價 5 分,滿分 5 分來自 Aquiles Vaesa,4 個月前
- 評價 5 分,滿分 5 分來自 Firefox 使用者 17451381,4 個月前
- 評價 4 分,滿分 5 分來自 late night traveler,4 個月前After updating to 1.9.9.3, some sites (such as Reddit) can no longer detect the login field. I'm in trouble.
開發者回應
張貼於 4 個月前This happened because of better protections against clickjacking introduced in 1.9.9.3. The issue with e.g. Reddit is already fixed, and we are doing another release soon. Thanks :)