KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)


A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw.

The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool – aptly named KeePass 2.X Master Password Dumper – is publicly available, but the good news is that the password can’t be extracted remotely just by exploiting this flaw.

“If your computer is already infected by malware that’s running in the background with the privileges of your user, this finding doesn’t make your situation much worse,” says the researcher, who goes by the handle “vdohney”.

Read more…