Flaw in KeePass Password Manager Enables Attackers to Obtain Master Password


A vulnerability has been identified in the widely used open-source password manager KeePass that allows anyone with access to the application's memory (a live process dump, a crash dump, or a hibernation or swap file written while KeePass was running) to recover most of the master password. The password can be recovered even while the database is locked, so a compromised device exposes every credential stored in the vault.

The flaw was reported by security researcher 'vdohney' and is tracked as CVE-2023-32784. The researcher also published a proof-of-concept tool, KeePass Master Password Dumper, that extracts the master password from a memory dump. All but the first one or two characters come back in clear text, regardless of whether the workspace is locked, so most of the master password is recovered in plaintext and the remainder is trivial to guess.

The flaw stems from KeePass 2.X's custom password entry control, SecureTextBoxEx. Each time a character is typed, the control builds a new managed string consisting of one bullet (•) per previously typed character followed by the new character, and those intermediate strings are never cleared from memory. The leak therefore affects not only the master password but every password edit box that uses the control. KeePass 2.X up to and including 2.53.1 is affected, as potentially are forks based on that code; the fix shipped in KeePass 2.54.

The flaw does not affect KeePassXC, Strongbox, or KeePass 1.X. It is also not Windows-specific: because it stems from how KeePass handles user input rather than from the operating system, the exploit can be adapted to KeePass 2.X running on Linux and macOS.

Password managers remove the need to memorize a different password for every account: they generate a distinct, strong password for each one and store it in an encrypted vault. The user remembers a single master password, which encrypts the KeePass database and gates access to everything stored in it.

If the master password is compromised, an attacker gains unrestricted access to every credential stored in the database. Safeguarding the master password is therefore the single most important precaution a password manager user can take, and it should never be shared with anyone.

Users of affected versions should upgrade to KeePass 2.54 or later, change the master password, delete the hibernation file (hiberfil.sys on Windows) and the pagefile or swap file, and then restart. Because deleted data can still be carved from the disk, overwrite the freed space on an HDD rather than relying on deletion alone. These files matter even after KeePass has exited: any password typed into an affected version may have been paged or hibernated to disk along with the rest of the process memory.

In conclusion, this vulnerability highlights that a password manager is only as strong as its handling of secrets in memory, and that security updates for it must be applied promptly. It also underlines the need for users to protect their master password and follow good password hygiene, such as using strong, unique passwords for every account.
