A vulnerability has been discovered in the KeePass password manager (v2.X) that allows an attacker to dump the master password from the program's memory.
The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be fixed in the upcoming release of KeePass 2.54 in early June 2023.
Reichl described the flaw in a security report published on GitHub on Thursday, where he also clarified that the vulnerability can be exploited only if the master password is typed on a keyboard, not if it is pasted from the clipboard.
The flaw in KeePass involves a text box called SecureTextBoxEx that is used for password entry. As characters are typed, it leaves leftover strings in memory, and these are hard to remove because of how .NET handles strings.
For instance, when typing "Password", residual strings such as •a, ••s, •••s, ••••w, •••••o, ••••••r, •••••••d remain in memory. A proof-of-concept (PoC) tool written by Reichl was able to scan a memory dump and suggest likely password characters for each position.
Moreover, the attack requires no code execution on the target system, only a memory dump. The memory can come from a variety of sources, including a RAM dump of the whole system. The flaw also bypasses the workspace's locked state, since the password can be extracted from memory even after KeePass is no longer running (although the chances decrease over time).
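The following Python simulation is an added example, not KeePass code or Reichl's PoC. It models the residue pattern described above: a masked text box built on immutable strings allocates a new "bullets + latest character" string on every keystroke and never scrubs the old ones, whereas a box backed by a mutable buffer that is zeroed on clear leaves nothing of that shape behind. The simulated heap, the two box classes and the helper names are all assumptions made for the illustration; only the bullet-prefix pattern and the sample password "Password" come from the article.

```python
"""Simulated demonstration of per-keystroke string residue (CVE-2023-32784 shape).

Constructed example: the 'heap' is just a Python list standing in for the
managed heap, and the box classes are simplified models, not KeePass code.
"""

MASK = "\u2022"  # the bullet character a masked text box displays


class ImmutableMaskedBox:
    """Models a masked box built on immutable strings (the vulnerable shape).

    Every keystroke builds a fresh string of N bullets followed by the new
    character. The old strings are never overwritten, so they linger on the
    simulated heap until something happens to reuse that memory.
    """

    def __init__(self, heap):
        self.heap = heap
        self.shown = ""

    def type_char(self, ch):
        # New allocation per keystroke; nothing zeroes the previous one.
        self.shown = MASK * len(self.shown) + ch
        self.heap.append(self.shown)


class MutableMaskedBox:
    """Models a box backed by a mutable byte buffer (the hardened shape).

    Characters are appended in place, so no intermediate string objects are
    allocated, and clear() overwrites the buffer with zeros before it is
    released rather than leaving the contents for the garbage collector.
    """

    def __init__(self, heap):
        self.heap = heap
        self.buf = bytearray()
        self.heap.append(self.buf)  # one allocation, reused for every keystroke

    def type_char(self, ch):
        self.buf.extend(ch.encode("utf-8"))

    def clear(self):
        for i in range(len(self.buf)):
            self.buf[i] = 0


def type_into(box_cls, heap, password):
    """Simulate typing 'password' into a box of the given class."""
    box = box_cls(heap)
    for ch in password:
        box.type_char(ch)
    return box


def leaked_fragments(heap):
    """Return the heap objects that have the 'bullets + one character' shape.

    A single character with no bullet prefix (the first keystroke) does not
    match, which is why the article's list starts at '•a', not 'P'.
    """
    out = []
    for obj in heap:
        if not isinstance(obj, str):
            continue  # byte buffers are not immutable string residue
        body = obj.lstrip(MASK)
        if len(obj) >= 2 and len(body) == 1:
            out.append(obj)
    return out


def recoverable_positions(heap):
    """Map password position -> character that the residue gives away."""
    return {len(frag) - 1: frag[-1] for frag in leaked_fragments(heap)}


def residue_after_typing(box_cls, password):
    """Type the password into a fresh simulated heap and report what leaks."""
    heap = []
    box = type_into(box_cls, heap, password)
    if hasattr(box, "clear"):
        box.clear()
    return recoverable_positions(heap)


if __name__ == "__main__":
    sample = "Password"  # the article's example input
    print("immutable-string box leaks:", residue_after_typing(ImmutableMaskedBox, sample))
    print("zeroed mutable buffer leaks:", residue_after_typing(MutableMaskedBox, sample))
```

Running the script shows the first box giving away every character after the first (positions 1 through 7 of "Password") while the second gives away nothing, which is the difference a patched masked-input control needs to achieve. The scan itself is deliberately simple; the point is that a one-character-per-allocation pattern is enough to make residue searchable, so the fix has to be on the allocation side, not the display side.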
To mitigate the risk associated with this vulnerability, users are encouraged to update to KeePass 2.54 or a later version once it becomes available.
In the meantime, Reichl advised KeePass users to change their master password, restart their computer, delete the hibernation file and pagefile/swapfile, and overwrite deleted data on the hard disk drive (HDD) to prevent data carving.
Performing a fresh install of the operating system (OS) is also recommended to ensure maximum security.
The developer also clarified that some KeePass-based products, such as KeePassXC, Strongbox and KeePass 1.X, are not affected by the vulnerability.
The security report comes months after the LastPass breaches brought password managers into the spotlight.
Some parts of this article are sourced from:
www.infosecurity-magazine.com