Security News > 2023 > January > KeePass disputes vulnerability allowing stealthy password theft

KeePass disputes vulnerability allowing stealthy password theft
2023-01-30 22:09

The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text.

The new vulnerability is now tracked as CVE-2023-24055, and it enables threat actors with write access to a target's system to alter the KeePass XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext.

This export process launches in the background without the user being notified or KeePass requesting the master password to be entered as confirmation before exporting, allowing the threat actor to quietly gain access to all of the stored passwords.

While the CERT teams of Netherlands and Belgium have also issued security advisories regarding CVE-2023-24055, the KeePass development team is arguing that this shouldn't be classified as a vulnerability given that attackers with write access to a target's device can also obtain the information contained within the KeePass database through other means.

A "Security Issues" page on the KeePass Help Center has been describing the "Write Access to Configuration File" issue since at least April 2019 as "Not really a security vulnerability of KeePass."

If the user has installed KeePass as a regular program and the attackers have write access, they can also "Perform various kinds of attacks." Threat actors can also replace the KeePass executable with malware if the user runs the portable version.


News URL

https://www.bleepingcomputer.com/news/security/keepass-disputes-vulnerability-allowing-stealthy-password-theft/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-22 CVE-2023-24055 Cleartext Storage of Sensitive Information vulnerability in Keepass
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger.
local
low complexity
keepass CWE-312
5.5