KeePass Vulnerability allows export of clear-text credentials

KeePass: "That sounds like a 'you' problem."

Opalsec
Jan 30, 2023

A proof-of-concept exploit has been shared publicly for CVE-2023-24055. The vulnerability lets an attacker add an export trigger to the KeePass XML configuration file, which enables them to dump clear-text passwords from the password manager.

Figure 1: The credentials are dumped in plain-text to an xml file
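
One way to audit a KeePass configuration file for the kind of export trigger described above. This is an added example, not code from the original post or from KeePass; the element names (`Trigger`, `Name`, `Parameter`), the placeholder `TypeGuid` values, the sample configuration and the `audit_triggers` helper are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumed KeePass 2.x trigger
# structure and the TypeGuid values are placeholders, not real action GUIDs.
SAMPLE_CONFIG = r"""<Configuration><Application><TriggerSystem><Triggers>
  <Trigger>
    <Name>Sync on save</Name>
    <Actions><Action>
      <TypeGuid>PLACEHOLDER-SYNC-ACTION</TypeGuid>
      <Parameters><Parameter>https://backup.example/db.kdbx</Parameter></Parameters>
    </Action></Actions>
  </Trigger>
  <Trigger>
    <Name>update</Name>
    <Actions><Action>
      <TypeGuid>PLACEHOLDER-EXPORT-ACTION</TypeGuid>
      <Parameters>
        <Parameter>C:\Temp\out.xml</Parameter>
        <Parameter>KeePass XML (2.x)</Parameter>
      </Parameters>
    </Action></Actions>
  </Trigger>
</Triggers></TriggerSystem></Application></Configuration>"""

# Heuristic markers of an export action: export format names and output file types.
EXPORT_HINTS = ("keepass xml", "keepass csv", ".xml", ".csv", ".html")

def audit_triggers(config_xml, approved=()):
    """Return triggers that are not on the approved list or look like exports."""
    findings = []
    for trig in ET.fromstring(config_xml).iter("Trigger"):
        name = (trig.findtext("Name") or "").strip()
        params = [(p.text or "").strip() for p in trig.iter("Parameter")]
        export_like = any(h in p.lower() for p in params for h in EXPORT_HINTS)
        if name not in approved or export_like:
            findings.append({"name": name, "export_like": export_like, "params": params})
    return findings

if __name__ == "__main__":
    for f in audit_triggers(SAMPLE_CONFIG, approved={"Sync on save"}):
        kind = "EXPORT-LIKE" if f["export_like"] else "unapproved"
        print(f"[{kind}] trigger {f['name']!r}: {f['params']}")
```

Because triggers live in a file the user account can write to, running a check like this on a schedule and alerting on any trigger outside the approved list catches changes made outside the KeePass UI.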

© 2025 Opalsec