A fix is not expected for a few weeks, so if you use this password manager you will remain exposed to this vulnerability until then.
Due to the enormous number of email accounts, applications and services that we use on a daily basis, it is essential to have a password manager that allows us to access all these sites without having to type intricate passwords for each of them.
But the problem comes when some kind of vulnerability is discovered in the password managers themselves, which we trust so much. And it has happened again.
The password manager KeePass is vulnerable to extraction of the master password from application memory, allowing attackers who compromise a device to retrieve this master password.
The discovered exploit allows a hacker to steal the KeePass user's master password in plain text, i.e. unencrypted, simply by extracting it from the target's memory.
According to reports from Bleeping Computer, this vulnerability was discovered by security researcher vdohney, who posted a proof-of-concept tool on GitHub.
This proof-of-concept tool can retrieve almost all of the master password, except for the first one or two characters, and extracts the password in a readable, unencrypted form. It can also extract it even if KeePass is locked or the app is closed completely.
This is because the memory from which the KeePass master password is extracted can be obtained in several ways: "It doesn't matter where the memory comes from, it can be the process dump, the swap file (pagefile.sys), the hibernation file (hiberfil.sys) or the RAM of the whole system."
The custom code problem
As they explain, this exploit exists because of certain custom code used by the password manager.
When you enter a master password, a custom box called SecureTextBoxEx is displayed. This box is not secure, as each character typed into it leaves a leftover copy in system memory.
For an attacker to access this secret password, they would need physical access to the machine from which the master password is extracted.
However, hackers can gain access to a target’s computer using vulnerable remote access applications.
So if a target computer is infected with malware, the malware could be used to dump KeePass's memory and send it, along with the application's database, to the hacker's server, thus allowing the master password to be extracted.
The KeePass developer says a fix is on the way, but it is not expected until June/July 2023, so during these weeks you are going to be exposed unless you switch password managers.