Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2023-32784

Published: 15 May 2023

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
keepass2
Launchpad, Ubuntu, Debian
kinetic Ignored
(end of life, was needs-triage)
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

mantic Needs triage

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N