A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim’s master password in cleartext under specific circumstances.
The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in version 2.54, which is likely to be released early next month.
“Apart from the first password character, it is mostly able to recover the password in plaintext,” security researcher “vdohney,” who discovered the flaw and devised a PoC, said. “No code execution on the target system is required, just a memory dump.”
