SecurityWeek reports that the open source password manager KeePass has released an update resolving CVE-2023-32784, a vulnerability affecting KeePass 2.x versions that could be exploited to retrieve the cleartext master password from a memory dump.
KeePass process dumps could also have been used to recover other typed-in passwords, although the security researcher who released a proof-of-concept tool noted that the vulnerability poses minimal risk because it cannot be exploited remotely.
The KeePass 2.54 update, released weeks ahead of the stable version expected in July, adds process memory protection enhancements that avoid creating managed strings from which a password could be recovered, and that create dummy fragments in memory which are then mixed with the real fragments.
The update also includes additional features, bug fixes, and improvements to the user interface and integration.
Master password-leaking bug addressed by KeePass