CVE-2023-32784
Description
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Severity: HIGH
CVE ID: CVE-2023-32784
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
vdohney
Original PoC for CVE-2023-32784
Reference: GitHub
CTM1
KeePass Master Password Extraction PoC for Linux
Reference: GitHub
und3sc0n0c1d0
This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass.
Reference: GitHub
z-jxy
KeePass 2.X dumper (CVE-2023-32784)
Reference: GitHub
LeDocteurDesBits
A CVE-2023-32784 proof-of-concept implementation in Rust
Reference: GitHub
hau-zy
Rewrite of the original KeePass 2.X Master Password Dumper (CVE-2023-32784) PoC in Python.
Reference: GitHub
dawnl3ss
Retrieve the master password of a KeePass database <= 2.53.1
Reference: GitHub
ValentinPundikov
Reference: GitHub
mister-turtle
Reference: GitHub
Content on GitHub
1ocho3 | watchers:1
NCL_V
5th Edition of the Guardia Civil's National Cyberleague
Reference: GitHub