These really aren’t vulnerabilities. Give the github issue a read. Basically, if they have access to the unencrypted db, then asking for the password again is just window dressing. It doesn’t really provide much, if any security value as they already have the data from the db.
Keepassxc is not an online manager. It doesn’t really make sense to require a password when making changes as they already have access to everything if they have local access to the machine when the db is unlocked.
These really aren’t vulnerabilities. Give the github issue a read. Basically, if they have access to the unencrypted db, then asking for the password again is just window dressing. It doesn’t really provide much, if any security value as they already have the data from the db.
Keepassxc is not an online manager. It doesn’t really make sense to require a password when making changes as they already have access to everything if they have local access to the machine when the db is unlocked.