Unpatched (so far) KeePass exploit
Helps retrieve cleartext master password
Retrieves from memory
So even with database locked
CVE-2023-3278
Just memory access / memory dump
process dump, swapfile, hibernation file, ..
Windows, macOS, Linux,
2.53.1 and older are vulnerable
Version 2.54 should fix the issue
BUT
KeePass master password may still exist in memory
BEWARE of apps that can dump/access memory
No comments:
Post a Comment