The vulnerability of the text field for entering the password of the KeePass password manager lies in the fact that user credentials are stored in an unencrypted form. This allows a hacker to retrieve the master password in its raw form.

🗓️ 13 Jun 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

KeePass fields store credentials unencrypted, enabling retrieval of the master password in raw form.

Reporter	Title	Published	Views	Family All 40
GithubExploit	Exploit for Cleartext Transmission of Sensitive Information in Keepass	30 Aug 202316:42	–	githubexploit
GithubExploit	Exploit for Cleartext Transmission of Sensitive Information in Keepass	4 Dec 202411:57	–	githubexploit
GithubExploit	Exploit for Cleartext Transmission of Sensitive Information in Keepass	17 May 202320:15	–	githubexploit
GithubExploit	Exploit for Cleartext Transmission of Sensitive Information in Keepass	4 Jun 202308:24	–	githubexploit
ICS	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs	25 Jul 202412:00	–	ics
ATTACKERKB	CVE-2023-32784	15 May 202300:00	–	attackerkb
Circl	CVE-2023-32784	15 May 202312:29	–	circl
CNNVD	KeePass 安全漏洞	15 May 202300:00	–	cnnvd
CVE	CVE-2023-32784	15 May 202300:00	–	cve
Cvelist	CVE-2023-32784	15 May 202300:00	–	cvelist

Source	Link
github	www.github.com/keepassxreboot/keepassxc/discussions/9433
github	www.github.com/vdohney/keepass-password-dumper
sourceforge	www.sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
web	www.web.nvd.nist.gov/view/vuln/detail

13 Jun 2023 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

CVSS 27.8

EPSS0.76477

unencrypted credentials KeePass vulnerability master password risk administrator password storage raw password exposure