There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

"PSA: Update Vaultwarden as soon as possible"

See this post from another website for more context

A new version (1.32.0) of Vaultwarden is out with security fixes:

This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible.

CVE-2024-39924 Fixed via

CVE-2024-39925 Fixed via

CVE-2024-39926 Fixed via

Release page

synapse1278 ,
@synapse1278@lemmy.world avatar

Watchtower took care of that for me šŸ‘

milan ,
@milan@discuss.tchncs.de avatar

updated a little while ago due to this postā€¦ as the release number is not a .1, i wasnā€™t expecting this addressing cves. thanks :)

anzo ,

Not to flame on anyone, and without reading the details on the specific CVE. But, to share as an advice: this reason is why I prefer keepass + syncthing for my needs. Security for a full blown web app is not trivial and has a bigger ā€œattack surfaceā€ than a kdbx file moving p2p through my devices via syncthing.

BlueBockser ,

syncthing also relies on a web server for device discovery, itā€™s just that youā€™re probably using someone elseā€™s server instead of hosting your own.

Correct me if Iā€™m wrong, but I also think that Vaultwarden itself doesnā€™t have access to the unencrypted password database. In that sense itā€™s E2EE similar to KeePass, the only difference being that KeePass is a desktop app and Vaultwarden a web app.

problembasedperson ,

You can use Syncthing without relays or discovery servers.

kolorafa , (edited )

Explain how can you use KeePass+Syncthing with 10-50 people (possibly different groups for different passwords) having different sets of access level while maintaining sane ease of use?

The passwords are encrypted in the first place so the security for them is only on the client side.

khorak ,

I do not have to share passwords with 10-50 people and neither did the op imply this. I am having trouble figuring out the reasoning behind your message. Why would this be a normal use case?

MangoPenguin ,
@MangoPenguin@lemmy.blahaj.zone avatar

Security for a full blown web app is not trivial and has a bigger ā€œattack surfaceā€ than a kdbx file moving p2p through my devices via syncthing.

Absolutely.

My Vaultwarden instance is only accessible via LAN or VPN though, I donā€™t think Iā€™d want to expose it to the internet.

sudneo ,

Thanks for the headā€™s up!

slym ,
@slym@lemmy.ca avatar

Thanks

N1ghtstalk3r ,
@N1ghtstalk3r@lemmy.world avatar

Thanks for the post OP, updating my VaultWarden docker instance ASAP.

JASN_DE ,

Docker image is already updated.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • ā€¢
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •