CVE-2023-32784
CVSS V2 None
CVSS V3 None
Description
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Overview
- CVE ID
- CVE-2023-32784
- Assigner
- cve@mitre.org
- Vulnerability Status
- Received
- Published Version
- 2023-05-15T06:15:10
- Last Modified Date
- 2023-05-15T06:15:10
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/vdohney/keepass-password-dumper | |
| https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32784 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-05-15 07:00:32 | Added to TrackCVE |