Memory Dump Vulnerability in KeePass 2.x Allows Recovery of Cleartext Master Password

CVE-2023-32784
7.5 HIGH

Key Information

Vendor: Keepass
CVE Published: 15 May 2023

Badges

  • 👾 Exploit Exists
  • 🔴 Public PoC
  • 📰 News Worthy

Summary

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by The Hacker News

  • 👾 Exploit exists.

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

  • NVD Database
  • Mitre Database
  • 8 Proof of Concept(s)
  • 1 News Article(s)