KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

2023-05-22 06:33

A proof-of-concept has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances.

"Apart from the first password character, it is mostly able to recover the password in plaintext," security researcher "Vdhoney," who discovered the flaw and devised a PoC, said.

"It doesn't matter where the memory comes from," the researcher added, stating, "It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it's been since then."

Vdhoney said the vulnerability has to do with how a custom text box field used for entering the master password handles user input.

The disclosure comes a few months after another medium-severity flaw was uncovered in the open source password manager that could be potentially exploited to retrieve cleartext passwords from the password database by leveraging write access to the software's XML configuration file.

KeePass has maintained that the "Password database is not intended to be secure against an attacker who has that level of access to the local PC.".

News URL

https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html

#exploit #keepass