// For flags

CVE-2023-24055

 

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

KeePass en la versión 2.53 (en una instalación por defecto) permite a un atacante, que tiene acceso de escritura al archivo de configuración XML, obtener las contraseñas en texto claro mediante la adición de un disparador de exportación. NOTA: la posición del vendedor es que la base de datos de contraseñas no está pensada para ser segura contra un atacante que tenga ese nivel de acceso al PC local.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-01-21 CVE Reserved
  • 2023-01-22 CVE Published
  • 2023-01-25 First Exploit
  • 2024-08-02 CVE Updated
  • 2024-08-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-312: Cleartext Storage of Sensitive Information
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Keepass
Search vendor "Keepass"
 Keepass
Search vendor "Keepass" for product "Keepass"
 <= 2.53
Search vendor "Keepass" for product "Keepass" and version " <= 2.53"
-
Affected