
Not understanding some of the responses, I think they did a pretty nice job trying to address the issues in their posts. Of course you could have been MITM but the vast majority of that danger comes from using public wifi and if you're smart you should be using a VPN provider anyway.

Realistically speaking here they found out about this at the same time as everyone else did and addressed it pretty quickly and professionally. Is there really anything else they or anyone else could have done, other than just use KeePass? Which has its own major inconveniences that can only be addressed by some sort of cloud-based solution (whether controlled by you or someone else), which probably would very likely have been using OpenSSL as well ...




Agreed that cloud services may be using OpenSSL to transfer the KeePass database to/from the client. Presume an attacker obtains the KeePass database via a MITM attack on communications to/from this cloud service. Then what?

The attacker needs to penetrate the defenses of the KeePass database itself, so I'm unsure of the point you're trying to make with KeePass and cloud services.


Any VPN provider that you can recommend?



Great, thanks a lot for the links.


Most VPN providers offer OpenVPN, which uses OpenSSL and thus is vulnerable as well.


Yup, good point. A good provider should have multiple protocol options but most people would use the default, something definitely to look into changing from the norm. I.e. if a lot of sites use OpenSSL for https then for your VPN you should probably use a different protocol, so no single vulnerability in either would screw you over.



