- Mar 13, 2022
Open source password manager KeePass was updated over the weekend to patch a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump.
Tracked as CVE-2023-32784 and impacting KeePass 2.x versions, the issue is related to the custom-developed textbox used for password entry, which creates a leftover string in memory for each character that the user types.
An attacker can use a KeePass process dump, a hibernation file, a swap file, or even a RAM dump of the entire system to retrieve the strings and reconstruct the typed password. Because the strings are ordered in memory, even multiple typed-in passwords can be retrieved.
Several weeks ago, a security researcher published a proof-of-concept (PoC) tool that can exploit the vulnerability to retrieve passwords from memory dumps.
KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump.