
KeePass is a highly popular and free open source tool that is considered one of the most powerful and secure password managers to date. However, a novel vulnerability recently discovered may potentially put millions of users at risk of compromise.
As outlined in research by Alex Hernandez and detailed in a dedicated thread on SourceForge, the vulnerability could allow an attacker with write access to the XML configuration file to obtain the stored passwords in plaintext by adding an export trigger to that file. A PoC exploit for CVE-2023-24055, a scanner for it, and a list of trigger examples have been publicly posted on Alex Hernandez's GitHub account.
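As an added, defender-side illustration (not code from the page or from Hernandez's scanner), the following Python script parses the trigger section of a KeePass.config.xml and flags enabled triggers whose action parameters look like a file export, which is the kind of entry an analyst would want to review. The sample config is constructed, the GUIDs are placeholders, and the element names are assumed from the KeePass config layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the TriggerSystem section of a KeePass.config.xml.
# GUIDs are placeholders; element names follow the KeePass config layout (assumed).
SAMPLE_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger>
          <Guid>PLACEHOLDER-TRIGGER-GUID</Guid>
          <Name>nightly</Name>
          <Enabled>true</Enabled>
          <Events><Event><TypeGuid>PLACEHOLDER-EVENT-GUID</TypeGuid></Event></Events>
          <Conditions />
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-GUID</TypeGuid>
              <Parameters>
                <Parameter>C:\\Users\\Public\\export.xml</Parameter>
                <Parameter>KeePass XML (2.x)</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""

# Parameter fragments that suggest an action writes database contents to a file.
EXPORT_HINTS = ("keepass xml", ".xml", ".csv", "export")

def list_triggers(xml_text):
    """Return every trigger as {name, enabled, params} so an analyst can review it."""
    root = ET.fromstring(xml_text)
    found = []
    for trig in root.iterfind("./Application/TriggerSystem/Triggers/Trigger"):
        params = [p.text or "" for p in trig.iterfind("./Actions/Action/Parameters/Parameter")]
        found.append({"name": trig.findtext("Name", ""),
                      "enabled": trig.findtext("Enabled", "false").lower() == "true",
                      "params": params})
    return found

def flag_export_triggers(xml_text):
    """Heuristic: enabled triggers whose action parameters look like an export target."""
    return [t for t in list_triggers(xml_text)
            if t["enabled"] and any(h in p.lower() for p in t["params"] for h in EXPORT_HINTS)]
```

On a real host, run `flag_export_triggers` over the contents of the user's KeePass.config.xml and treat any hit as something to verify by hand, since the heuristic matches on parameter text rather than the action type GUID.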
Note that the vendor states that the password database is not meant to be secure against an attacker who already has that level of access to the local PC. The list of affected KeePass versions is also still being disputed; currently, KeePass v2.5x is considered to be affected. Users are strongly encouraged to upgrade to the latest version, 2.53, to prevent potential compromise.