KeePass vulnerability disclosed with a PoC

Update – KeePass security update remediates vulnerability: 6th of June 2023

Overview

The recently disclosed KeePass vulnerability, tracked as CVE-2023-32784 (CVSSv3 score 7.5), has been remediated with the latest vendor security update.

Updated Affected Products

The vulnerability reported on does not affect the following product versions:

– KeePass 1.x

– Strongbox

– KeePassXC

Updated Containment, Mitigations & Remediations

It is strongly recommended that all users of the 2.x branch of KeePass apply the version 2.54 security update as soon as possible.

If KeePass 2.x users are unable to apply the update immediately, the following workaround strategies are recommended:

– Reset the master password

– Delete crash dumps, hibernation files, and swap files that might contain fragments of their master password

– Reinstall the operating system
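A triage sketch for the update and clean-up items above, added here as an example and not taken from KeePass or the PoC: it flags installs on the 2.x branch below 2.54 and lists files under a given root that may hold memory fragments. The function names and the file-name list (the standard Windows hibernation, page, swap and crash-dump names) are assumptions of this example.

```python
import os
import re
from pathlib import Path

FIXED = (2, 54)  # first fixed release according to this bulletin

# Assumption: standard Windows names for hibernation, page/swap and full dump files.
FIXED_NAMES = {"hiberfil.sys", "pagefile.sys", "swapfile.sys", "memory.dmp"}


def parse_version(text):
    """Turn '2.53.1' into (2, 53, 1); raise ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version_text):
    """True only for the 2.x branch below 2.54; KeePass 1.x is not affected."""
    version = parse_version(version_text)
    return version[0] == 2 and version < FIXED


def find_memory_artifacts(root):
    """Return files under root that may hold process memory, sorted by path."""
    hits = []
    # Unreadable directories are skipped rather than aborting the walk.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower in FIXED_NAMES or lower.endswith(".dmp"):
                hits.append(Path(folder) / name)
    return sorted(hits)


def triage(version_text, root):
    """Summarise one host: affected or not, plus artefacts to review for deletion."""
    return {
        "affected": is_affected(version_text),
        "artifacts": [str(path) for path in find_memory_artifacts(root)],
    }


if __name__ == "__main__":
    # Constructed sample input; real values would come from a software inventory.
    print(triage("2.53.1", "C:\\"))
```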

Updated Further Information

KeePass Version 2.54 Security Update

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Proof-of-Concept (PoC) code has been released for a KeePass vulnerability, tracked as CVE-2023-32784 (CVSSv3 score not yet provided). The PoC demonstrates that code execution on the target system is not necessary for exploitation; a memory dump alone is sufficient.

It should be noted that successful exploitation of the flaw requires a threat actor to have already compromised the target system. Further, the password must be typed on a keyboard and not copied from the system’s clipboard.

Impact

Successful exploitation of CVE-2023-32784 could allow a threat actor to recover the master password of a victim in cleartext under a specific set of conditions.

Vulnerability Detection

Because the relevant security update had not been released at the time of writing, previous versions remain vulnerable to potential exploitation.

Affected Products

– KeePass versions 2.x for Windows, Linux and macOS

Containment, Mitigations & Remediations

The vulnerability is expected to receive a patch early in June 2023. Once this becomes available, it is strongly recommended that users apply the patch as soon as possible.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Because PoC exploit code has been released, and because KeePass is one of the most popular password manager platforms used globally, the vulnerability remains a lucrative target for cyber threat actors.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Credential Access Technique:

T1555 – Credentials from Password Stores

Further Information

SourceForge KeePass Discussion

GitHub PoC

 
