This top password manager apparently has a major security flaw that could spill all your logins
Master passwords could reportedly be stolen from KeePass app memory
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Popularpassword managerKeePass has a worrying exploit that could possibly result in your master password being stolen.
A security researcher haspublisheda proof-of-concept that demonstrates how a threat actor could extract a user’s master password from the KeePass app’s memory by exploiting a bug, tracked asCVE-2023-3278.
“KeePassMaster Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass’s memory. Apart from the first password character, it is mostly able to recover the password in plaintext,” claims the researcher.
No code execution
They added that, “No code execution on the target system is required, just a memory dump. It doesn’t matter where the memory comes from - can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn’t matter whether or not the workspace is locked.”
Top password manager denies its entire database can be stolen>This vicious new malware version is now targeting password managers>Bitwarden vs KeePass: 2023 Features Comparison
The master password can also be extracted from the system’s RAM after KeePass has stopped running, although the researcher noted that the more time has elapsed since the app’s closure, the chances of successful extraction decrease.
The PoC was tested on Windows, but the researcher claims that the exploit also works on macOS and Linux versions.
The PoC works by exploiting a custom-developed text box for password entry, SecureTextBoxEx, which commits the characters a user types to the system memory. This box is not only used when typing the master password, but also when editing other stored passwords as well, so these could also be compromised.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The flaw affects KeePass 2.53.1 and any forks (the app is open-source) based on the original KeePass 2.X app written in .NET. The researcher states that KeePassXC, Strongbox, and KeePass 1.X are not affected, among potential other versions.
KeePass developer Dominik Reichlconfirmedthe existence of the vulnerability. Afixshould be coming this June with version 2.54. The risk of an attack happening in the wild is somewhat limited, though.
The researcher says that if your system is already infected withmalware, then this exploit could make it easier for them to go undetected when trying to steal your master password, since no code execution is required. However, if your system is clean, then you should be fine, as “no one can steal your passwords remotely over the internet with this finding alone,” states the researcher.
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.
Nokia confirms data breach leaked third-party code, but its data is safe
Rising AI threats are making firms turn back to human intelligence
3 reasons why PIA fell in our best VPN rankings
