KeePass exploit helps retrieve cleartext master password

gregmcc


A new KeePass vulnerability tracked as CVE-2023-3278 makes it possible to recover the KeePass master password, apart from the first one or two characters, in cleartext form, regardless of whether the KeePass workspace is locked or, possibly, even if the program is closed.

"KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext," warns the security researcher on the GitHub page for the exploit tool.

"No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from - can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn't matter whether or not the workspace is locked."

The flaw exists because the software uses a custom password entry box named "SecureTextBoxEx," which leaves traces of each character the user types in the memory.
 