KeePass has a serious vulnerability that can extract clear text master passwords
KeePass has a serious vulnerability that can extract clear text master passwords
KeePass has a serious vulnerability that can extract clear text master passwords
KeePass is a free and open source password manager that helps you manage passwords in a secure manner.
In theory, users only need to remember a master password or select a key file to unlock the entire database. However, researchers have recently discovered that KeePass The master password is at risk of being compromised.
The CVE ID of this vulnerability is CVE-2023-32784 , which affects KeePass 2.x versions. Criminals can use this vulnerability to retrieve the clear text master password of KeePass, even if the system is not running or locked.
The security researcher who discovered the vulnerability has released a proof-of-concept (PoC) tool on GitHub – KeePass 2.X Master Password Dumper, which can analyze memory dumps such as pagefile.sys, hiberfil.sys, or KeePass process dumps stored to return the master password in clear text.
Using this vulnerability and the PoC tool, it is possible to return all characters of the KeePass master password except the first character. However, this last character can also be quickly found by running the test.
The researchers discovered that the issue is caused by SecureTextBoxEx, a custom-developed text box for entering passwords in KeePass, which creates a residual string in memory for each character entered.
Currently, KeePass developer Dominik Reichl has released a test version of KeePass 2.54, which already includes a fix for this vulnerability.
According to the original development progress, the official version will not be launched until July, but due to the severity of the vulnerability, the developer will issue a new version in early June.
The patch in the beta adds a Windows API function call to get/set the textbox’s text directly, avoiding the creation of managed strings. Additionally, KeePass will now also create fake snippets in memory and mix them with the correct ones.
KeePass 1.x versions, and forked projects of KeePass (such as KeePassXC), are not affected by this problem.
KeePass has a serious vulnerability that can extract clear text master passwords
