Attackers Can Obtain Cleartext Passwords via XML Configuration File
CVE-2023-24055
What is CVE-2023-24055?
The vulnerability (CVE-2023-24055) in KeePass through version 2.53 allows an attacker who already has write access to the KeePass XML configuration file to obtain cleartext passwords by adding an export trigger to that file. The lead developer of KeePass disputes that this is a vulnerability, arguing that the user is responsible for keeping the environment (and thus the configuration file) secure. Researchers and the wider security community argue that threat actors could nonetheless exploit this behaviour, and a proof-of-concept exploit has already been shared online. Users are advised to implement additional security measures, while the debate continues over whether KeePass is responsible for addressing the issue.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to use in ransomware attacks.
News Articles
KeePass disputes vulnerability allowing stealthy password theft
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text.

Password-stealing “vulnerability” reported in KeePass – bug or feature?
It’s been a newsworthy few weeks for password managers – those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all. At the end of...

Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw.
EPSS Score
35% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰 First article discovered by Security Boulevard
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved