Password Manager KeePass Patches Vulnerability in Recent Update

  1. Open-source password manager KeePass patches a vulnerability (CVE-2023-32784) in an early update, preventing potential attackers from extracting cleartext master passwords from memory dumps.
  2. The new KeePass 2.54 update not only enhances process memory protections but also includes user interface improvements, new features, and several other bug fixes for a comprehensive upgrade.

Over the weekend, KeePass, an open-source password manager, patched a vulnerability allowing potential attackers to extract the cleartext master password from a memory dump. This critical update came several weeks ahead of schedule, according to an official statement from KeePass.

Password Safe

The flaw, tracked as CVE-2023-32784, impacted KeePass 2.x versions. It was connected to a custom-developed textbox utilized for password entry. This textbox left behind a residual string in the memory for each character a user typed. Potential attackers could exploit a KeePass process dump, a system hibernation file, a swap file, or even a complete system RAM dump to retrieve these strings and reconstitute the entered password.

Alarmingly, the strings’ orderly arrangement in memory meant that even several typed-in passwords could be retrieved. A security researcher had brought this issue to light several weeks ago, publishing a proof-of-concept (PoC) tool that could exploit this vulnerability to extract passwords from memory dumps.
Despite the seeming severity of the flaw, the researcher stressed that the risks were minimal since remote exploitation wasn’t possible. The vulnerability would only pose a threat if the system was already compromised by malware.
In response to the identified issue, KeePass had initially announced that a patch was incorporated into the test version of KeePass 2.54, with a stable release planned for July. However, the company released the update earlier than anticipated.
This new update fortifies process memory protections to inhibit the creation of managed strings and forestall password recovery. The software now also generates dummy fragments in memory and intermingles them with the correct fragments, adding an extra layer of security.
Along with the critical patch, KeePass 2.54 update also includes user interface improvements, integration enhancements, and new features. Other improvements and bug fixes are also part of the update, as detailed in the KeePass 2.54 changelog.