KeePass, a widely-used open-source password manager, saves user input in retrievable memory strings, including master passwords that protect the user’s credentials.
The problem stems from how KeePass handles user-typed content in forms, creating memory strings containing all the master password’s characters except for the first one.
The vulnerability, now tracked as CVE-2023-32784, was discovered by a security researcher who published a KeePass 2.X password dumper on GitHub two weeks ago to demonstrate that the flaw is exploitable. The tool retrieves data from a KeePass memory dump containing the sensitive info and delivers the potential password candidates to the user in readable plaintext form.
The Master Password Dumper works regardless of where the memory comes from (process dump, swap file, hibernation file, or RAM dump) and whether the workspace is locked, and may even recover secrets from RAM shortly after KeePass terminates.
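The root cause described above is a class of bug worth seeing in code: building a typed secret out of immutable strings leaves one abandoned copy per keystroke, whereas a mutable buffer can be overwritten in place. The following model is an added example, not KeePass source or the researcher's tool; the two class names, the 64-byte buffer size and the sample secret are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ImmutableTextBox:
    """Naive model: every keystroke builds a brand-new string.

    `stale` stands in for the abandoned copies that are never erased and
    that a process, swap or hibernation dump could still contain.
    """
    text: str = ""
    stale: list = field(default_factory=list)

    def key_press(self, ch: str) -> None:
        self.stale.append(self.text)   # previous value is dropped, not wiped
        self.text = self.text + ch     # new allocation for the longer value

    def clear(self) -> None:
        self.stale.append(self.text)   # clearing the box does not erase copies
        self.text = ""


@dataclass
class WipeableTextBox:
    """Hardened model: one fixed mutable buffer, overwritten in place."""
    buf: bytearray = field(default_factory=lambda: bytearray(64))  # assumed size
    length: int = 0

    def key_press(self, ch: str) -> None:
        data = ch.encode("utf-8")
        if self.length + len(data) > len(self.buf):
            raise ValueError("secret longer than the fixed buffer")
        self.buf[self.length:self.length + len(data)] = data
        self.length += len(data)

    def clear(self) -> None:
        self.buf[:] = bytes(len(self.buf))  # zero the whole buffer in place
        self.length = 0


def residue_immutable(secret: str) -> list:
    """Stale copies left behind after typing `secret` and clearing the box."""
    box = ImmutableTextBox()
    for ch in secret:
        box.key_press(ch)
    box.clear()
    return [s for s in box.stale if s]   # every prefix, including the full secret


def residue_wipeable(secret: str) -> bytes:
    """Buffer contents left behind after typing `secret` and clearing the box."""
    box = WipeableTextBox()
    for ch in secret:
        box.key_press(ch)
    box.clear()
    return bytes(box.buf)                # all zeros: nothing recoverable
```

Python cannot guarantee what its own runtime keeps in memory (the `encode` call above makes a short-lived copy), so the model shows the design difference rather than a memory-safety guarantee for Python itself.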
Impact on KeePass
The impact on users of the software is undeniably severe, as anyone holding the master password may unlock the software’s password database and retrieve all credentials for all online accounts of the impacted user.
However, several mitigating factors in CVE-2023-32784 somewhat lessen its impact, at least for most of the regular users of the application.
First, the flaw only impacts KeePass 2.X, including its latest version, 2.53.1. However, a significant portion of the KeePass userbase still uses KeePass 1.X, which isn’t vulnerable.
Secondly, the flaw may only be triggered by someone with physical access to the target’s computer or somebody who has