
A proof of concept (PoC) has been published for a security flaw affecting the KeePass password manager, which under certain circumstances can be exploited to recover a victim’s master password in plaintext.
This issue, tracked as CVE-2023-32784, affects KeePass versions 2.x for Windows, Linux and macOS and will be patched in version 2.54, which is likely to be released early next month.
Security researcher "vdohney", who discovered the flaw and devised the PoC, said: "Apart from the first letter of the password, most of the time you can recover the password in plaintext. No code execution on the target system is required, just a memory dump."
"It doesn't matter where the memory came from," the researcher added. "It doesn't matter if the workspace is locked or not. It is also possible to dump passwords from RAM after KeePass is no longer running. However, the chances of it working go down over time."
It's worth noting that exploiting the flaw requires that the attacker has already compromised the target's computer. Also, the password must have been typed on the keyboard, not copied from the clipboard.

vdohney said the vulnerability has to do with how the custom text box used to enter the master password handles user input: it leaves a trail of every character the user types in program memory.
This creates a scenario where an attacker can dump the program’s memory and reassemble the password in plaintext, minus the first character. Once KeePass 2.54 is available, users are encouraged to update to it.
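How such a trail arises, and how a text box can avoid it, modelled in C as an added example (not KeePass code and not the researcher's PoC): the leaky implementation allocates a fresh string for every keystroke, as an immutable-string text box does, while the hardened one types into a single buffer and wipes it when done. The arena is a constructed stand-in for the process heap, and the model does not reproduce why the first character is lost in the real bug.

```c
#include <string.h>

#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];  /* constructed stand-in for the process heap */
static size_t arena_top;

/* Bump allocator: old allocations are never reused or cleared. */
static char *arena_alloc(size_t n) {
    if (arena_top + n > ARENA_SIZE) return NULL;
    arena_top += n;
    return (char *)(arena + arena_top - n);
}

/* Vulnerable pattern: each keystroke builds a new string; the shorter copy stays behind. */
static void leaky_textbox(const char *typed) {
    const char *cur = "";
    for (size_t i = 0; typed[i]; i++) {
        char *next = arena_alloc(i + 2);
        if (!next) return;
        memcpy(next, cur, i);
        next[i] = typed[i]; next[i + 1] = '\0';
        cur = next;
    }
}

/* Hardened pattern: one buffer filled in place, wiped via volatile so the clear is not elided. */
static void wiped_textbox(const char *typed) {
    size_t len = strlen(typed);
    char *buf = arena_alloc(len + 1);
    if (!buf) return;
    memcpy(buf, typed, len + 1);           /* key derivation would use buf here */
    volatile char *v = buf;
    for (size_t i = 0; i <= len; i++) v[i] = 0;
}

/* Defender's check: how many prefixes of the secret a dump of the arena still reveals. */
int prefixes_in_arena(const char *secret) {
    size_t len = strlen(secret);
    int found = 0;
    for (size_t k = 1; k <= len; k++)
        for (size_t pos = 0; pos + k < ARENA_SIZE; pos++)
            if (!memcmp(arena + pos, secret, k) && !arena[pos + k]) { found++; break; }
    return found;
}

/* Run one implementation on a fresh arena and count what is left behind. */
int trail_after(int wipe, const char *secret) {
    memset(arena, 0, ARENA_SIZE); arena_top = 0;
    if (wipe) wiped_textbox(secret); else leaky_textbox(secret);
    return prefixes_in_arena(secret);
}
```

With the constructed input "hunter2", the leaky text box leaves all seven prefixes readable in the arena, the wiped one none.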
This disclosure comes months after another moderate-severity flaw (CVE-2023-24055) was discovered in the open-source password manager. That flaw could be exploited to retrieve cleartext passwords from a password database by an attacker with write access to the software's XML configuration file.
KeePass claims that “the password database is not intended to be secure against attackers with that level of access to your local PC.”
It also follows Google security research showing that password managers such as Bitwarden, Dashlane and Safari could be abused to auto-fill saved credentials into untrusted web pages, potentially resulting in account takeover.