severity 791858 grave
tags 791858 security
thanks

How come this bug has not been marked as a pretty severe security issue?
Just accessing a menu item, but canceling the export operation by hitting Esc or clicking Cancel silently creates a hidden (dotfile) cleartext copy of all of the user's KeePassX password database entries in the user's home directory. This may go unnoticed by the user for years, while countless copies of the file propagate to backups etc., and with Debian's default umask, the file is even world-readable on multiuser machines.
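A defender-side check for the exposure described in the message above, as an added example that is not part of the original report or of KeePassX: it lists hidden files in a directory that other local users can read, and shows how the umask decides that outcome. The file names are placeholders (the report does not name the file), and the scratch directory set to mode 755 to stand in for a home directory is an assumption.

```shell
#!/bin/sh
# Added example: audit for hidden files that other local users can read.

# Succeeds if users other than the owner may enter DIR (o+x set).
# Without that bit, files inside are unreachable whatever their own mode.
others_can_enter() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -001 2>/dev/null)" ]
}

# Print hidden regular files directly under DIR that have the
# "others read" bit set, one full path per line.
world_readable_dotfiles() {
    find "$1" -maxdepth 1 -type f -name '.*' -perm -004 -print 2>/dev/null | sort
}

# Create FILE the way a program that sets no explicit mode would:
# the requested 0666 is reduced by the process umask MASK.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# Constructed demo: a scratch directory standing in for a home directory,
# holding one hidden file written under umask 022 and one under umask 077.
demo() {
    scratch=$(mktemp -d) || return 1
    chmod 755 "$scratch"                                   # assumption: others may enter
    create_with_umask 022 "$scratch/.export-placeholder"   # ends up 0644
    create_with_umask 077 "$scratch/.private-placeholder"  # ends up 0600
    if others_can_enter "$scratch"; then
        world_readable_dotfiles "$scratch" |
            while IFS= read -r f; do basename "$f"; done
    fi
    rm -rf "$scratch"
}

demo
```

To audit a real account, call `world_readable_dotfiles "$HOME"` and review each hit; the same check can be pointed at restored backup trees, where the message notes copies may have propagated.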