Memory Dump Vulnerability in KeePass 2.x Allows Recovery of Cleartext Master Password
CVE-2023-32784
Key Information:
- Vendor
- Keepass
- Status
- Keepass
- Vendor
- CVE Published:
- 15 May 2023
Badges
Summary
An issue exists in KeePass 2.x versions prior to 2.54 where attackers can exploit memory dumps to recover the cleartext master password, even if the workspace is locked or the application is no longer running. This exploitation can occur through various forms of memory dumps, such as a KeePass process dump, swap file, hibernation file, or a RAM dump of the system, with the only limitation being that the first character of the password cannot be retrieved. Version 2.54 introduces mitigation via the use of alternative API functions and random string insertion to enhance security against this risk.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
The Hacker NewsCVE-2023-32784KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
A newly discovered security flaw (CVE-2023-32784) in KeyPass password manager software could expose your master password in cleartext!
References
EPSS Score
65% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- π°
First article discovered by The Hacker News
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved