I have to agree with the reasoning. As a very interested user of KeePass, a CVE took my attention, and I do a lot of security research as part of my job.
I don’t think this should qualify as a CVE because it’s so close to assuming the conclusion that it’s effectively not a vulnerability. If you have a local attacker with arbitrary memory access, your password is in all likelihood already owned.
It’s nearly the argument that a locally authenticated user could modify my bash.rc to alias sudo and steal my password. Of course, I know him; he’s me!