CVE-2023-32784

Description

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

NVD
Severity: HIGH
CVE ID: CVE-2023-32784
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference: NVD, MITRE

Proof Of Concept

vdohney

Original PoC for CVE-2023-32784

Reference: GitHub

CTM1

KeePass Master Password Extraction PoC for Linux

Reference: GitHub

und3sc0n0c1d0

This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass.

Reference: GitHub

z-jxy

KeePass 2.X dumper (CVE-2023-32784)

Reference: GitHub

LeDocteurDesBits

A CVE-2023-32784 proof-of-concept implementation in Rust

Reference: GitHub

hau-zy

Re-write of original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python.

Reference: GitHub

dawnl3ss

Retrieve the master password of a keepass database <= 2.53.1

Reference: GitHub

ValentinPundikov

Reference: GitHub

mister-turtle

Reference: GitHub

Content on GitHub

1ocho3 | watchers:1

NCL_V
5th Edition of the Guardia Civil's National Cyberleague

Reference: GitHub