
Steal password from KeePass through chromeipass.

Sadly, chromeipass is insecure. An attacker can steal your passwords with a simple XSS, because the DOM elements injected by chromeipass are accessible to the page. 1Password does not have this problem because its password selection window is independent of the page.

As we know, chromeipass has multiple backends. KeePass (C#) with pfn/KeePassHttp is the most secure backend. It has "KeePassHttp Settings" for each entry and lets users add a website to a whitelist or blacklist. When a website requests an entry, it shows a notification by default. To stay safe, remove stored permissions from all entries and do not disable notifications; you will then be prompted on autofill.
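
One way to check a database against the advice above, as an added example that is not part of the original writeup or of KeePassHttp: it flags entries that still carry stored permissions. The JSON layout of the "KeePassHttp Settings" field (`Allow`/`Deny` host arrays), the entry objects and the function names are assumptions made for illustration.

```javascript
// Added example: audit entries for stored KeePassHttp permissions.
// Assumption: each entry's "KeePassHttp Settings" field holds JSON with
// "Allow" and "Deny" host arrays. The entries below are constructed samples.
const SETTINGS_FIELD = "KeePassHttp Settings";

const sampleEntries = [
  { title: "Forum", fields: { [SETTINGS_FIELD]: '{"Allow":["forum.example"],"Deny":[]}' } },
  { title: "Bank", fields: { [SETTINGS_FIELD]: '{"Allow":[],"Deny":["ads.example"]}' } },
  { title: "Mail", fields: {} },
  { title: "Wiki", fields: { [SETTINGS_FIELD]: '{"Allow":["wiki.example"' } }, // truncated JSON
];

// Classify one entry: does a stored permission let a host skip the prompt?
function auditEntry(entry) {
  const raw = entry.fields[SETTINGS_FIELD];
  if (raw === undefined || raw.trim() === "") {
    return { title: entry.title, status: "prompts", hosts: [] };
  }
  let cfg;
  try {
    cfg = JSON.parse(raw);
  } catch (err) {
    // A field that cannot be parsed cannot be verified, so flag it for review.
    return { title: entry.title, status: "unreadable", hosts: [] };
  }
  const allow = Array.isArray(cfg?.Allow)
    ? cfg.Allow.filter((h) => typeof h === "string")
    : [];
  const status = allow.length > 0 ? "stored-allow" : "prompts";
  return { title: entry.title, status, hosts: allow };
}

// Audit all entries together with the global notification switch.
function auditDatabase(entries, notificationsEnabled) {
  const results = entries.map(auditEntry);
  return {
    needsCleanup: results.filter((r) => r.status !== "prompts"),
    safe: notificationsEnabled && results.every((r) => r.status === "prompts"),
  };
}

const report = auditDatabase(sampleEntries, true);
for (const r of report.needsCleanup) {
  console.log(`${r.title}: ${r.status} ${r.hosts.join(", ")}`);
}
console.log(`follows the advice above: ${report.safe}`);
```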

KeeWeb + KeeWebHttp is insecure. It has no prompt or notifications.

MacPass + MacPassHttp is very insecure. If you really want to use it, at least upgrade MacPassHttp to the latest version. The inspiration for this challenge came from a vulnerability I found and fixed in MacPassHttp.

Original writeup (https://github.com/zsxsoft/my-ctf-challenges/tree/master/rctf2019/jail%20%26%20password).