The Keepass Exploit: How Attackers Can Recover Master Passwords from Memory
A proof-of-concept (PoC) has been released for a security hole affecting the KeePass password manager that, under some situations, might be used to recover a victim’s master password in cleartext.
KeePass versions 2.x for Windows, Linux, and macOS are affected by the problem, tracked as CVE-2023-32784. A fix is anticipated in version 2.54, which is most likely to be released at the beginning of next month.
“Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump,” said security researcher “vdohney,” who discovered the flaw and devised the PoC. “It doesn’t matter where the memory comes from,” the researcher added, stating that “it doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.”
It’s important to note that a potential target’s computer must already be infected for the bug to be successfully exploited. Additionally, the password must be entered manually using a keyboard rather than being copied to the device’s clipboard.
According to vdohney, the flaw lies in the way the custom text box field used to enter the master password processes user input: it leaves each character the user types behind in the program’s memory.
As a result, an attacker who can extract the program’s memory may be able to reconstruct the password in plaintext, excluding the first character. Users are encouraged to update to KeePass 2.54 as soon as it is made available.
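To make the mechanism concrete, the following is an added, simplified model written for this article; it is not KeePass code and not the researcher’s PoC. It assumes a masked text box that rebuilds its display string on every keystroke from immutable strings (the leaky pattern), so a string of the form “mask characters plus the newest character in clear” survives in memory for each keystroke, and contrasts it with a box that keeps the secret in a single mutable, zeroable buffer and derives the display from the length alone. The `BULLET` mask character, the class and function names, and the in-memory `heap` list standing in for process memory are all constructed for the illustration.

```python
"""Simplified model of the KeePass master-password residue problem.

Leaky pattern: each keystroke materialises an intermediate immutable string
containing the mask of the earlier characters plus the new character in clear.
Hardened pattern: the secret lives in one mutable bytearray that is overwritten
in place and zeroed on clear; no string ever holds plaintext.
Illustrative model only (assumption), not KeePass code or the public PoC.
"""

BULLET = "\u25cf"  # constructed: mask character used by this model


class LeakyMaskedBox:
    """Masked input box that rebuilds its display string per keystroke."""

    def __init__(self):
        self.heap = []   # constructed stand-in for process memory
        self._text = ""  # immutable str: every change allocates a new object

    def type_char(self, ch):
        # Intermediate display: earlier chars masked, newest char in clear.
        interim = BULLET * len(self._text) + ch
        self.heap.append(interim)                 # residue left in memory
        self._text += ch                          # new str object, old one lingers
        self.heap.append(BULLET * len(self._text))  # fully masked display


class ZeroingMaskedBox:
    """Masked input box that never materialises the secret as a string."""

    def __init__(self, capacity=256):
        self.buf = bytearray(capacity)  # single mutable buffer, overwritten in place
        self.n = 0
        self.heap = []                  # constructed stand-in for process memory

    def type_char(self, ch):
        data = ch.encode("utf-8")
        self.buf[self.n:self.n + len(data)] = data  # in place, no new object
        self.n += len(data)
        self.heap.append(BULLET * self.n)           # display derived from length only

    def export(self):
        """Hand the secret to the caller as bytes (caller wipes its copy)."""
        return bytes(self.buf[:self.n])

    def clear(self):
        """Zero the buffer so no plaintext remains once the box is closed."""
        for i in range(len(self.buf)):
            self.buf[i] = 0
        self.n = 0


def recover_from_residue(heap):
    """Reconstruct what the residue reveals: strings shaped <bullets><char>.

    Each such string pins one character to its position. The first keystroke
    has no bullet prefix, so nothing identifies it; it is reported as '?'.
    A position with no matching residue is also reported as '?'.
    """
    by_position = {}
    for s in heap:
        if len(s) >= 2 and s[:-1] == BULLET * (len(s) - 1) and s[-1] != BULLET:
            by_position[len(s)] = s[-1]
    if not by_position:
        return ""
    length = max(by_position)
    return "?" + "".join(by_position.get(i, "?") for i in range(2, length + 1))


if __name__ == "__main__":
    secret = "password"  # constructed sample input
    leaky = LeakyMaskedBox()
    for c in secret:
        leaky.type_char(c)
    print("leaky residue reveals:", recover_from_residue(leaky.heap))

    hardened = ZeroingMaskedBox()
    for c in secret:
        hardened.type_char(c)
    print("hardened residue reveals:", repr(recover_from_residue(hardened.heap)))
    hardened.clear()
    print("buffer zeroed:", all(b == 0 for b in hardened.buf))
```

The model reproduces the two facts the article reports: the leaky box gives up every character except the first, and it does so from memory contents alone. The hardened box shows the corresponding design rule for any secret-entry widget: keep the secret in one mutable buffer, never build display or intermediate strings from it, and zero the buffer when the dialog closes.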
The discovery comes a short time after another medium-severity weakness (CVE-2023-24055) in the free and open-source password manager was discovered. This flaw might have allowed someone with write access to the software’s XML configuration file to get cleartext passwords from the password database.
According to KeePass, the “password database is not intended to be secure against an attacker who has that level of access to the local PC.”
It also comes in the wake of Google security research results that described a vulnerability in password managers like Bitwarden, Dashlane, and Safari that can be exploited to automatically insert saved credentials into malicious websites, potentially resulting in account takeovers.