Security News

The popular KeePass password manager is vulnerable to extraction of the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. This master password encrypts the KeePass password database, preventing it from being opened or read without first entering the password.

A vulnerability in the open-source password manager KeePass can be exploited to retrieve the master password from the software's memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool - aptly named KeePass 2.X Master Password Dumper - is publicly available, but the good news is that the password can't be extracted remotely just by exploiting this flaw.