KeePass vulnerability disclosed with a PoC
Update – KeePass security update remediates vulnerability: 6th of June 2023
Overview
The recently disclosed KeePass vulnerability, tracked as CVE-2023-32784 (CVSSv3 score: 7.5), has been remediated with the latest vendor security update.
Updated Affected Products
The vulnerability does not affect the following products and versions:
– KeePass 1.x
– Strongbox
– KeePassXC
Updated Containment, Mitigations & Remediations
It is strongly recommended that all users of the 2.x branch of KeePass apply the version 2.54 security update as soon as possible.
If KeePass 2.x users are unable to apply the update immediately, the following workaround strategies are recommended:
– Reset the master password
– Delete crash dumps, hibernation files, and swap files that might contain fragments of the master password
– Reinstall the operating system
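To scope the update and the file clean-up listed above, the following added example (not part of the original advisory and not KeePass code) flags 2.x versions older than 2.54 and inventories crash dump, hibernation and swap files under the directories you pass in. The function names and the file-name patterns are assumptions based on common operating-system defaults.

```python
import fnmatch
import os
import sys

FIXED = (2, 54)  # fixed 2.x release named in the advisory

# Assumed default file names: Windows hibernation/page/swap files,
# *.dmp crash dumps, and the common Linux /swapfile. Extend as needed.
PATTERNS = ("hiberfil.sys", "pagefile.sys", "swapfile.sys", "*.dmp", "swapfile")


def needs_update(version_text):
    """True only for KeePass 2.x versions older than 2.54 (1.x is unaffected)."""
    parts = tuple(int(p) for p in version_text.strip().split("."))
    return parts[0] == 2 and parts[:2] < FIXED


def find_artefacts(roots):
    """Return sorted (path, size_or_None) for memory-derived files under roots."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not any(fnmatch.fnmatchcase(name.lower(), p) for p in PATTERNS):
                    continue
                full = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(full)
                except OSError:
                    size = None  # in use or access denied; still report it
                hits.append((full, size))
    return sorted(hits, key=lambda h: h[0])


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: triage.py <keepass-version> <dir> [<dir> ...]")
    print("update to 2.54 required:", needs_update(sys.argv[1]))
    for path, size in find_artefacts(sys.argv[2:]):
        print(f"review before deleting: {path} ({size} bytes)")
```

The script only reports candidates; active page and hibernation files are held open by the operating system and have to be disabled or cleared through its own settings before they can be removed.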
Updated Further Information
KeePass Version 2.54 Security Update
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Proof-of-Concept (PoC) code has been released for a KeePass vulnerability, tracked as CVE-2023-32784 (CVSSv3 score not yet provided). The PoC demonstrated that code execution on the target system is not necessary and that a memory dump alone is sufficient for exploitation.
It should be noted that successful exploitation of the flaw requires a threat actor to have already compromised the target system. Further, the password must be typed on a keyboard and not copied from the system’s clipboard.
Impact
Successful exploitation of CVE-2023-32784 could allow a threat actor to recover the master password of a victim in cleartext under a specific set of conditions.
Vulnerability Detection
Because the relevant security update had not been released at the time of writing, previous versions remain vulnerable to potential exploitation.
Affected Products
– KeePass versions 2.x for Windows, Linux and macOS
Containment, Mitigations & Remediations
The vulnerability is expected to receive a patch early in June 2023. Once this becomes available, it is strongly recommended that users apply the patch as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Because PoC exploit code has been released, and because KeePass is one of the most popular password manager platforms used globally, the vulnerability remains a lucrative target for cyber threat actors.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Credential Access Technique:
– T1555 – Credentials from Password Stores
Further Information
– SourceForge KeePass Discussion