Notice: Die Funktion wp_register_script wurde fehlerhaft aufgerufen. Nicht erkannte(r) Schlüssel im Parameter $args: defer. Unterstützte Schlüssel: strategy, in_footer, fetchpriority, module_dependencies Weitere Informationen: Debugging in WordPress (engl.). (Diese Meldung wurde in Version 7.0.0 hinzugefügt.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php on line 6170

Notice: Die Funktion wp_register_script wurde fehlerhaft aufgerufen. Nicht erkannte(r) Schlüssel im Parameter $args: defer. Unterstützte Schlüssel: strategy, in_footer, fetchpriority, module_dependencies Weitere Informationen: Debugging in WordPress (engl.). (Diese Meldung wurde in Version 7.0.0 hinzugefügt.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php on line 6170
Security of Vaultwarden and Keepass analyzed for the BSI – mgm security partners
Notice: The wp_enqueue_script function was incorrect Called. Unrecognized key(s) in the $args parameter: async. Supported keys: strategy, in_footer, fetchpriority, module_dependencies. For more information: Debugging in WordPress. (This message was added in version 7.0.0.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php online 6170

Security of Vaultwarden and Keepass analyzed for the BSI

October 16, 2024 |
Tags: SAST
Kategorie: News Publication

Static Code Analysis (SAST) of Open Source Software

On behalf of the German Federal Office for Information Security (BSI), we conducted a security analysis of the open-source applications Vaultwarden and Keepass, employing static code analysis and dynamic analysis (pentests). In Vaultwarden, we discovered two vulnerabilities with elevated risk potential and several other security-relevant issues. These were immediately reported to the developers and have largely been resolved. In Keepass, we also identified some security problems, although less severe. The project aims to improve the security of popular open-source software, especially for applications used by government agencies or private users. This initiative will continue with other open-source applications.

The analysis was carried out in spring/summer 2024 and published on 14.10.24.

BSI Report
Article on Heise Online

The Author

Mirko Richter

Mirko Richter is a Software Security Consultant, Source Code Analysis Specialist and Training Manager for basic training courses up to advanced coding and Secure SDLC training. He has been involved in software development, architecture and security since the mid-90s. He is a speaker at conferences and author of several technical articles.