

The impact on users of the software is undeniably severe, as anyone holding the master password may unlock the software's password database and retrieve all credentials for all online accounts of the impacted user.

However, several mitigating factors in CVE-2023-32784 somewhat lessen its impact, at least for most regular users of the application.

First, the flaw only impacts KeePass 2.X, including its latest version, 2.53.1. A significant portion of the KeePass userbase still uses KeePass 1.X, which isn't vulnerable.

Secondly, the flaw may only be triggered by someone with physical access to the target's computer or somebody who has stolen the target's hard drive.

Thirdly, if the user sets their master password by pasting it into the KeePass form instead of typing it, the mentioned memory strings will not contain sensitive data, so nothing will be retrievable.

With those scenarios excluded, the only possible way to exploit CVE-2023-32784 would be to deploy malware on the target system, which can be prevented if good practices are followed.

Upcoming Fixes

Dominik Reichl, the main developer of KeePass, said the fixes have already been implemented in a development snapshot of the software, and the first tests indicate they can effectively prevent exploitation of the flaw.

The creator of the KeePass Master Password Dumper tool has confirmed that the fixes work as expected, and the attack cannot be reproduced in the newest version of the software.
