Vulnerability found in KeePass password manager that allows extraction of master password

A vulnerability has been discovered in the popular password manager KeePass that, if exploited, allows the master password to be extracted from the application’s memory. As a result, attackers who have compromised the victim’s device can steal all the passwords stored in the manager, even if the database is locked.

Image source: hothardware.com

The vulnerability is tracked as CVE-2023-3278. It was discovered by an information security researcher known by the nickname vdohney, who published a brief description of the problem and a PoC exploit on GitHub. The issue affects KeePass 2.53 and earlier versions of the application.

KeePass uses the SecureTextBoxEx field for password entry, and this field saves the characters entered by the user in memory in clear text. An attacker therefore only needs to obtain a memory dump: a process dump, the page file pagefile.sys, the hibernation file hiberfil.sys, various crash dumps, or a memory dump of the entire system. It also doesn’t matter whether the workspace is locked or whether KeePass is running.

The exploit has been tested on Windows, but a patched version is likely to work on macOS as well, because the vulnerability stems from the way the application handles data during password entry rather than from the operating system itself. The vulnerability is expected to be fixed in KeePass 2.54, which should be released in the next few weeks.
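
As an added example (not from the article, the researcher or the KeePass project), this Python triage helper checks a KeePass version string against the affected range stated above and lists the memory-bearing files the article names under a given Windows drive root, so they can be reviewed or purged after upgrading. The function names are assumptions of this example, and the crash-dump paths are Windows default locations rather than values from the article.

```python
import re
from pathlib import Path

FIXED_IN = (2, 54)  # the article expects the fix in KeePass 2.54

# Dump sources named in the article, as paths relative to a Windows system
# drive. pagefile.sys and hiberfil.sys come from the article; the crash-dump
# locations are Windows defaults and are an assumption about the host.
DUMP_SOURCES = {
    "page file": "pagefile.sys",
    "hibernation file": "hiberfil.sys",
    "system crash dump": "Windows/MEMORY.DMP",
    "kernel minidump": "Windows/Minidump/*.dmp",
    "process crash dump": "Users/*/AppData/Local/CrashDumps/*.dmp",
}


def is_affected(version):
    """True/False for KeePass 2.x version strings, None if not assessable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.\d+)*", version.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if major != 2:
        return None  # the article only covers the 2.x line
    return (major, minor) < FIXED_IN


def find_dump_sources(drive_root):
    """List (kind, path, size_bytes) for memory-bearing files under drive_root."""
    found = []
    for kind, pattern in DUMP_SOURCES.items():
        try:
            matches = sorted(Path(drive_root).glob(pattern))
        except OSError:
            continue  # unreadable directory: skip rather than abort
        for path in matches:
            try:
                size = path.stat().st_size
            except OSError:
                size = None  # locked or protected file still counts as present
            found.append((kind, path, size))
    return found


if __name__ == "__main__":
    print("2.53.1 affected:", is_affected("2.53.1"))
    for kind, path, size in find_dump_sources("C:/"):
        print(f"{kind:20} {size!s:>14}  {path}")
```

When run against a mounted disk image on a case-sensitive filesystem, the patterns must match the on-disk casing of the files.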

Source: 3DNews – all site news, by 3dnews.ru.