KeePass vulnerability enables master password theft
A vulnerability in password manager KeePass enables a potential attacker to obtain a plaintext master password from a user workspace — even if the workspace is locked.
The flaw, designated CVE-2023-32784 in the National Vulnerability Database, was made public Monday alongside a proof-of-concept (POC) exploit by GitHub user “Vdohney.” According to the POC’s readme, it is a “simple” tool used to recover the master password in plaintext from a KeePass instance’s memory.
No code execution is required, and the readme claimed the exploit works regardless of whether the memory originates from a process dump, RAM dump, hibernation file or swap file. Vdohney also said in the GitHub post that it doesn’t matter whether the target user’s system or workspace is locked down, and that it’s still possible to dump the passwords from memory even if KeePas …