ShiftDelete.net
FOLLOW US

KeePass flaw risks exposure of master passwords

KeePass's new security vulnerability potentially allows attackers to retrieve master passwords from memory.

KeePass flaw risks exposure of master passwords

The password manager KeePass, trusted by many, has been found to house a potential security flaw. This vulnerability, given specific conditions, could allow malefactors to recover a user’s master password straight from the system’s memory.

Probing the vulnerability

The flaw, marked as CVE-2023-32784, impacts KeePass 2.x versions across Windows, Linux, and macOS. KeePass plans to rectify this issue in the forthcoming version 2.54, due for release early next month.

“vdohney,” the security researcher who unearthed this flaw and proceeded to create a proof-of-concept (PoC), stated that it’s possible to recover most of the password in plaintext, except for the first character. Importantly, he noted that exploiting this flaw doesn’t necessitate any code execution on the target system – a mere memory dump will suffice.

The researcher went on to say that the origin of the memory is irrelevant to the exploit. There remains a possibility to extract the password from RAM even after KeePass has been shut down, although this probability diminishes with time.

Crucially, for a successful exploitation, the target’s device would already need to be compromised. Moreover, the password must be keyed in and not pasted from a device’s clipboard.

Root cause of the vulnerability

The cause of this vulnerability, according to vdohney, lies in the handling of user data by a custom text box field designed for master password entry. This process appears to leave a memory trace of each character keyed in.

This sets up a situation where an attacker could potentially dump the program’s memory and subsequently reconstruct the password. Except for the first character, the rest of the assembled password would be in plaintext. Users are strongly recommended to update to KeePass 2.54 when it becomes available.

Placing the flaw in context

The exposure of this flaw follows the recent discovery of another medium-severity flaw in KeePass (CVE-2023-24055). That vulnerability could potentially be exploited to retrieve plaintext passwords from the password database by leveraging write access to the software’s XML configuration file.

Google’s security research previously reported similar vulnerabilities in other password managers like Bitwarden, Dashlane, and Safari. However, KeePass maintains a different stance. They argue that their password database doesn’t aim to provide security against an attacker who has such high-level access to the local PC.

This certainly makes the cybersecurity scenario more intricate, doesn’t it, dear readers? We’d love to hear your perspectives on this matter. Please feel free to share your insights in the comment section below!

SDN Comments 0 Comments

Comment

Related News

What’s wrong with Apple’s iPadOS 18?
What’s wrong with Apple’s iPadOS 18?
Enjoy taking photos on Equinox Day with vivo X100 Pro!
Enjoy taking photos on Equinox Day with vivo X100 Pro!
9/10 rated games are now free on the Epic Games Store!
9/10 rated games are now free on the Epic Games Store!
PlayStation 30th anniversary collection unveiled
PlayStation 30th anniversary collection unveiled

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Co-Founder.Work Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio