Popular password manager KeePass has a worrying exploit that could potentially result in your master password being stolen.
A security researcher has published a proof-of-concept that demonstrates how a threat actor could extract a user's master password from the KeePass app's memory by exploiting a bug, tracked as CVE-2023-3278.
"KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext," claims the researcher.
No code execution
They added that, "No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from – it can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn't matter whether or not the workspace is locked."
The master password can also be extracted from the system's RAM after KeePass has stopped running, although the researcher noted that the more time has elapsed since the app's closure, the lower the chances of successful extraction.
The PoC was tested on Windows, but the researcher claims that the exploit also works on the macOS and Linux versions.
The PoC works by exploiting a custom-developed text box for password entry, SecureTextBoxEx, which commits the characters a user types to system memory. This box is not only used when typing the master password, but also when editing other stored passwords, so those can be compromised as well.
The flaw affects KeePass 2.53.1 and any forks (the app is open-source) based on the original KeePass 2.X app written in .NET. The researcher states that KeePassXC, Strongbox, and KeePass 1.X are not affected, among other versions that may be unaffected.
KeePass developer Dominik Reichl confirmed the existence of the vulnerability. A fix should be coming this June with version 2.54. The risk of an attack happening in the wild is somewhat limited, though.
The researcher says that if your system is already infected with malware, then this exploit could make it easier for the attacker to go undetected when attempting to steal your master password, since no code execution is required. However, if your system is clean, then you should be fine, as "nobody can steal your passwords remotely over the internet with this finding alone," states the researcher.
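To make the bug class concrete, here is an added toy example (written for this article, not KeePass or the researcher's code) that models two ways a password text box can hold the characters a user types. The "leaky" model builds a fresh copy of the whole text on every keystroke, as immutable-string concatenation does, and abandons the old copy; the "hardened" model appends into one fixed buffer and wipes it on clear. A simulated heap (a bump arena that never reuses memory) stands in for a process memory dump, and a scan counts how many prefixes of the password remain visible. All names, the arena, and the sample password are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed toy "heap": a bump allocator that never reuses memory, so
 * anything written here stays visible to a later dump scan unless wiped. */
#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static void arena_reset(void) {
    memset(arena, 0, sizeof arena);
    arena_used = 0;
}

static char *arena_alloc(size_t n) {
    if (arena_used + n > ARENA_SIZE) return NULL;
    char *p = (char *)arena + arena_used;
    arena_used += n;
    return p;
}

/* Wipe through a volatile pointer so the compiler cannot drop it as a
 * dead store. */
static void secure_wipe(volatile char *p, size_t n) {
    while (n--) *p++ = 0;
}

/* Leaky model: each keystroke allocates a new copy of the current text
 * (old text + one char) and the previous copy is left behind untouched. */
static char *leaky_textbox_type(const char *password) {
    char *cur = arena_alloc(1);
    cur[0] = '\0';
    for (size_t i = 0; password[i]; i++) {
        size_t len = strlen(cur);
        char *next = arena_alloc(len + 2);
        memcpy(next, cur, len);
        next[len] = password[i];
        next[len + 1] = '\0';
        cur = next;  /* the shorter prefix stays in the arena */
    }
    return cur;
}

/* Hardened model: one fixed buffer, characters appended in place. */
static char *hardened_textbox_type(const char *password, size_t cap) {
    char *buf = arena_alloc(cap);
    secure_wipe(buf, cap);
    size_t len = 0;
    for (size_t i = 0; password[i] && len + 1 < cap; i++) buf[len++] = password[i];
    buf[len] = '\0';
    return buf;
}

static void hardened_textbox_clear(char *buf, size_t cap) {
    secure_wipe(buf, cap);
}

/* Dump scan: count distinct places in the arena that hold at least
 * min_len leading characters of the password. */
static int count_prefix_fragments(const char *password, size_t min_len) {
    size_t plen = strlen(password);
    int hits = 0;
    for (size_t off = 0; off + min_len <= ARENA_SIZE; off++) {
        size_t m = 0;
        while (m < plen && off + m < ARENA_SIZE &&
               arena[off + m] == (unsigned char)password[m]) m++;
        if (m >= min_len) { hits++; off += m - 1; }
    }
    return hits;
}

/* Fragments visible after typing into the leaky box (stale prefixes
 * plus the live copy). */
int leaky_fragments_after_typing(const char *pw) {
    arena_reset();
    leaky_textbox_type(pw);
    return count_prefix_fragments(pw, 3);
}

/* Fragments visible while the hardened box still holds the text. */
int hardened_fragments_while_live(const char *pw) {
    arena_reset();
    hardened_textbox_type(pw, 64);
    return count_prefix_fragments(pw, 3);
}

/* Fragments visible after the hardened box has been cleared. */
int hardened_fragments_after_clear(const char *pw) {
    arena_reset();
    char *buf = hardened_textbox_type(pw, 64);
    hardened_textbox_clear(buf, 64);
    return count_prefix_fragments(pw, 3);
}

int main(void) {
    const char *pw = "Tr0ub4dor";  /* constructed sample password */
    printf("leaky box, after typing:      %d fragments\n", leaky_fragments_after_typing(pw));
    printf("hardened box, while live:     %d fragments\n", hardened_fragments_while_live(pw));
    printf("hardened box, after clear:    %d fragments\n", hardened_fragments_after_clear(pw));
    return 0;
}
```

The leaky model leaves one copy per keystroke behind, which is why a dump taken later can still reveal most of the text, and why the live buffer alone is not the whole exposure. The hardened model shows the property a defender wants to verify for any secret-entry control: a single writable buffer, no per-keystroke copies, and an explicit wipe, so that a clear actually removes the secret from memory rather than just dropping a reference to it.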