Security News
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
By Jonathan Leitschuh - Aug 19, 2025
keepasser
Keepasser
I use KeePassX on various Macbooks and my Phone, with the .kdb file stored in Dropbox. For reasons I can't quite fathom, these files have started to suffer what appear to be merge-conflicts, so now my Dropbox looks like this:
keepassx (Sam P's conflicted copy) (1) (Sam P's conflicted copy).kdb
keepassx (Sam P's conflicted copy) (1).kdb
keepassx (Sam P's conflicted copy).kdb
keepassx (sampi's conflicted copy 2017-12-11).kdb
keepassx (sampi's conflicted copy 2018-01-29).kdb
keepassx.kdb
which, I'm sure you'll agree, is upsetting for any number of reasons. These files are all intact and usable, but it means that some of my logins are an untrustworthy mess
So, how does this help?
Well, once you've installed the gem
git clone https://github.com/pikesley/keepasser
cd keepasser
bundle
rake install
you need to:
- Open each of the
.kdbfiles File>Export to>Text file- I used the
.kdbname betweenkeepassxand.kdbfor the filename - Yes, you now have all of your passwords on your laptop in plaintext which is obviously a fucking terrible idea, just remember to delete them when you're done, eh?
- I used the
- Then, one at time, do
keepasser compare <trusted.kdb> <some_terrible_name.kdb>
You should see some YAMLy output like:
---
Missing entries:
web:
- Netflix:
title: Netflix
username: email@example.com
url: ''
password: password
comment:
- ''
- all4:
title: all4
username: email@example.com
url: ''
password: password
comment:
- ''
- bbc:
title: bbc
username: email@example.com
url: ''
password: password
comment:
- ''
- gopro:
title: gopro
username: email@example.com
url: ''
password: password
comment:
- ''
Different data:
web:
amazon:
password:
- oldpassword
- newpassword
Notes
- The assumption here is that
<trusted.kdb>is your canonical database, and you're interested in tracking-down entries that are in the rogue DBs but not thetrustedone, and adding them totrusted - For the
Different datasection, I just went to the services concerned and tried each password to see which one was cromulent - I may be the only person having this problem, of course
FAQs
Unknown package
We found that keepasser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Mar 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Oxlint Introduces Type-Aware Linting Preview
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.
By Sarah Gooding - Aug 18, 2025
Security News
New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
By Sarah Gooding - Aug 15, 2025