KeePass Vulnerability Allows Obtaining Cleartext Passwords

May 22, 2023

A recently discovered vulnerability in the open-source password manager KeePass may allow the master password to be recovered from memory.
A proof-of-concept (PoC) exploit for the vulnerability is publicly available.

The Vulnerability

  • CVE-2023-32784 – a vulnerability in the “SecureTextBoxEx” control in KeePass, the text box in which the master password and other passwords are entered during editing.

An attacker with local administrator privileges who successfully exploits the vulnerability may be able to recover the master password in plaintext, except for its first character.

Affected Products

Mitigation

Since no official fix for the vulnerability has been distributed yet, CYREBRO recommends that users of KeePass:

  • Change the master password.
  • Delete the hibernation file.
  • Delete the pagefile/swapfile.
  • Overwrite deleted data on the HDD to prevent it from being carved.
  • Restart the machine.
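The mitigation steps above, carried out with built-in Windows tools, as an added example that is not part of the advisory. It assumes an elevated PowerShell session on Windows 10/11 with the system volume given by $env:SystemDrive; the master password should already have been changed in KeePass. For the pagefile step it uses the ClearPageFileAtShutdown setting, which zeroes the pagefile during shutdown, rather than deleting the file outright.

```powershell
# Added example (not from the advisory): applies the listed mitigations with
# standard Windows commands. Assumptions: elevated session, Windows 10/11,
# system volume in $env:SystemDrive, free-space wipe acceptable (slow on HDDs).

#Requires -RunAsAdministrator

$ErrorActionPreference = 'Stop'
$SystemDrive = $env:SystemDrive   # e.g. "C:"

# 1. Stop KeePass so no live copy of the password remains in process memory.
Get-Process -Name 'KeePass' -ErrorAction SilentlyContinue | Stop-Process -Force

# 2. Delete the hibernation file. Disabling hibernation removes hiberfil.sys,
#    a RAM snapshot that could hold the password remnants.
powercfg.exe /hibernate off

# 3. Pagefile: pagefile.sys is locked while Windows runs, so ask Windows to
#    zero it at shutdown instead of deleting it now (registry DWORD = 1).
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
Set-ItemProperty -Path $mm -Name 'ClearPageFileAtShutdown' -Value 1 -Type DWord

# 4. Overwrite free space so deleted data (including the removed hiberfil.sys)
#    cannot be carved. cipher /w writes 0x00, 0xFF and random bytes over all
#    unallocated clusters of the volume; this can take a long time.
$wipeTarget = "$SystemDrive\"
cipher.exe /w:$wipeTarget

# 5. Restart; the pagefile is zeroed during this shutdown.
Restart-Computer -Force
```

ClearPageFileAtShutdown slows every subsequent shutdown, so it can be set back to 0 after the restart once the old pagefile contents are gone.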

References: NVD Advisory