Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Your KeePass Master Password may be at risk, but a fix is coming
#1
Exclamation 
Quote:[Image: security.jpg]

A recently disclosed vulnerability in the KeePass password manager may be exploited to retrieve the master password. The vulnerability, CVE-2023-32784. indicates that the master password may be recovered from system memory dumps, even if the system is not running or locked.

Dominik Reichl, the developer of KeePass, will release a patch in the upcoming KeePass 2.54 release, which is scheduled for a release in the coming 2 months.

The security researcher who discovered the vulnerability has published a proof of concept on GitHub. The tool, KeePass 2.X Master Password Dumper, analyzes memory dumps, for instance pagefile.sys, hiberfil.sys, or the KeePass process dump to return the master password in clear text. To be precise, the vulnerability may return all characters of the master password except for the first one. It is trivial, however, to run tests to find the single missing character.

[Image: keepass.png]

The researcher goes on to explain that the issue is caused by SecureTextBoxEx, which causes leftover strings.

While the vulnerability may allow threat actors to retrieve the master password of the password manager, but it seems unlikely that it will be exploited on scale.

A likely scenario is a forensic investigation of a computer, as this may return the master password of the password manager. One of the best protections against this is to use full disk encryption and a strong password. Windows users may use the open source encryption software Vera Crypt for that. A password is required during system start to decrypt the system drive and boot the operating system.

The researcher suggests that users of KeePass may also delete hibernation, pagefiles and swapfiles regularly, but it is only a temporary recourse. Changing the master password helps as well, but also only temporarily.

KeePass 2.54 will address the issue. While it may be a month or two away, it is possible that it will be released faster, if reporting about the vulnerability is picking up pace.

Dominik Reichl describes the fix on the project's Sourceforge discussion forum. The updated version " calls Windows API functions for getting/setting the text of the text box directly, in order to avoid the creation of managed strings". This takes care of most of the leaks. To address the remaining ones, KeePass 2.54 will create dummy fragments in process memory.

The researcher tested the fix and confirmed that it is no longer possible to reproduce the attack on the fixed version. While there is a development build available that includes the fix, it is not recommended to run it, as it is beta software.

Certain KeePass forks, like KeePassXC, are not affected by the issue.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • jasonX
Reply
#2
Good thing I have VeraCrypt here with me! Thanks for the news there! Been using KeePass since 2010 and I guess since it is getting popular the thieves just want to wreak havoc with KeePass users.
[-] The following 1 user says Thank You to jasonX for this post:
  • harlan4096
Reply
#3
I also use VeraCrypt container, but I changed from KeePass to KeePassXC months ago, that comes also with Screen anti-Keylogging feature, which is great.
[-] The following 1 user says Thank You to harlan4096 for this post:
  • jasonX
Reply
#4
May we know the news on that "fix"?

Moved to "KeePassXC" now and doin fine here. Cheers!
[-] The following 1 user says Thank You to jasonX for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06
FastCopy 5.7.5
FastCopy 5.7.5: ...harlan4096 — 10:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>