February 2, 2023
KeePass Vulnerability Allows to Obtain Cleartext Passwords
A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext.
- CVE-2023-24055, (CVSS 3.1: 5.5, Medium) – The vulnerability allows a threat actor with write access to stealthily export the entire database in cleartext.
- KeePass Password Manager – Up to 2.53 in a default installation.
CYREBRO recommends KeePass users to secure their database by logging in as a system admin and creating an enforced configuration file. See instructions here.