Master password-leaking bug addressed by KeePass

SecurityWeek reports that updates have been released by open source password manager KeePass to resolve the vulnerability, tracked as CVE-2023-32784, affecting KeePass 2.x versions, which could be exploited to facilitate cleartext master password retrievals from a memory dump. KeePass process dumps could have also been leveraged to fetch various typed-in passwords, although a security researcher who released a proof-of-concept tool noted the vulnerability’s minimal risk due to its lack of remote exploitation capabilities.

Source: SC Magazine

 


Date:

Categorie(s):

Tag(s):