CVE-2023-32784

openSUSE Security Advisory - openSUSE-SU-2023:0163-1

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

En KeePass v2.x anterior a v2.54, es posible recuperar la contraseña maestra en texto claro a partir de un volcado de memoria, incluso cuando un espacio de trabajo está bloqueado o ya no se ejecuta. El volcado de memoria puede ser un volcado de proceso de KeePass, un archivo de intercambio (pagefile.sys), un archivo de hibernación (hiberfil.sys) o un volcado de RAM de todo el sistema. El primer carácter no se puede recuperar. En la versión 2.54, hay un uso diferente de la API y/o inserción de una cadena aleatoria para la mitigación.

An update that fixes one vulnerability is now available. This update for keepass fixes the following issues.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-05-15 CVE Reserved
2023-05-15 CVE Published
2023-05-23 First Exploit
2025-01-23 CVE Updated
2025-07-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (17)

URL	Tag	Source
https://github.com/keepassxreboot/keepassxc/discussions/9433	Issue Tracking
https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283	Issue Tracking

URL	Date	SRC
https://github.com/Cmadhushanka/CVE-2023-32784-Exploitation	2024-07-10
https://github.com/CTM1/CVE-2023-32784-keepass-linux	2023-06-17
https://github.com/dawnl3ss/CVE-2023-32784	2023-08-30
https://github.com/ValentinPundikov/poc-CVE-2023-32784	2023-10-17
https://github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784	2024-06-25
https://github.com/le01s/poc-CVE-2023-32784	2023-10-17
https://github.com/vdohney/keepass-password-dumper	2025-01-23
https://github.com/und3sc0n0c1d0/BruteForce-to-KeePass	2024-10-26
https://github.com/z-jxy/keepass_dump	2024-11-26
https://github.com/LeDocteurDesBits/cve-2023-32784	2023-05-23
https://github.com/hau-zy/KeePass-dump-py	2023-06-04
https://github.com/mister-turtle/cve-2023-32784	2024-04-28
https://github.com/SarahZimmermann-Schmutzler/exploit_keepass	2024-11-19
https://github.com/dev0558/CVE-2023-32784-EXPLOIT-REPORT	2024-12-04
https://github.com/G4sp4rCS/CVE-2023-32784-password-combinator-fixer	2025-03-31

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Keepass Search vendor "Keepass"		Keepass Search vendor "Keepass" for product "Keepass"				>= 2.00 < 2.54 Search vendor "Keepass" for product "Keepass" and version " >= 2.00 < 2.54"		-		Affected