CVE-2023-32784 - KeePass
Share
In today's post we come to talk about KeePass, a well-known password manager. KeePass Password Safe is a free and open source password manager that is used to manage your passwords securely, thus allowing you to have a password for each service without dying trying. The way KeePass works is based on having a master password, which must be very robust and will need to be remembered, so this key will give us access to our password database, taking into account that we can generate them randomly and not we will need to remember them.
Although we always recommend the use of this tool or similar ones to protect our passwords, in mid-2023 the vulnerability CVE-2023-32784 emerged, which could cause the master password to be compromised if the following conditions are met:
- The attacker accesses a computer with a KeePass process running (the KeePass session does not need to be unlocked).
- The victim user has entered the master password manually (not by copying and pasting).
This vulnerability is due to the use of the “SecureTextBoxEx” text box during master password access, since this functionality is also used to recover password content in other sections of KeePass.
To demonstrate the operation of this vulnerability, two public exploits will be verified, which allow the decryption of the master password except for the first character. The fact that the first character is not stored is due to how the “SecureTextBoxEx” functionality works at the .net level, since it masks the previous character and shows the current one, for example, for the word password:
-a, --s, ---s, ----w, -----o, ------r, -------d.
- Update KeePass 2.54 or higher.
- Change your KeePass master password in case it has been compromised.
- Delete files that may contain KeePass passwords in memory such as the crash dumps (usually located in C:\Windows\memory.dmp for Windows), the hibernation file (hiberfil.sys) and the paging/swap file (pagefile.sys ).