KeePass exploit helps retrieve cleartext master password, fix coming soon

Bill Toulas reports:

The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even with the database is locked.

The issue was discovered by a security researcher known as ‘vdohney,’ who published a proof-of-concept tool allowing attackers to extract the KeePass master password from memory as a proof-of-concept (PoC).

Read more at BleepingComputer.

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt

1 thought on “KeePass exploit helps retrieve cleartext master password, fix coming soon”

As the article notes, KeePassXC isn’t affected. And KeePassXC works well across both Windows and Linux; I don’t know of a reason not to use it instead of KeePass.

Comments are closed.

Related:

1 thought on “KeePass exploit helps retrieve cleartext master password, fix coming soon”