Security News > 2023 > May > KeePass exploit helps retrieve cleartext master password, fix coming soon
The popular KeePass password manager is vulnerable to extraction of the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even when the database is locked.
This master password encrypts the KeePass password database, preventing it from being opened or read without first entering the password.
A new KeePass vulnerability tracked as CVE-2023-3278 makes it possible to recover the KeePass master password, apart from the first one or two characters, in cleartext form, regardless of whether the KeePass workspace is locked or, possibly, even if the program is closed.
"KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext," warns the security researcher on the GitHub page for the exploit tool.
"KeePass 2.X uses a custom-developed text box for password entry, SecureTextBoxEx. This text box is not only used for the master password entry, but in other places in KeePass as well, like password edit boxes," explains vdohney.
Information-stealing malware could quickly check if KeePass exists on a computer or is running, and if so, dump the program's memory and send it and the KeePass database back to the attacker for offline retrieval of the cleartext password from the memory dump.