[droidmonkey]

A blog post has been put up to address this: https://keepassxc.org/blog/2023-06-20-cve-202335866/

Additionally, this is certainly not unique to KeePassXC. KeePass original and other clones we have tested do not require entering your credentials again prior to export or credential change.

[riedel]

I am a happy keepassxc user but I have criticized the authors on multiple occasions for not investing in a clear documentation of an attacker model. It seems to me a lot of bogus security is added here and there and this non-CVE is the result, because people demand more of that.