166 matches found
CVE-2010-5200
Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information...
CVE-2010-5196
Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are obtained from third party...
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to...
ROS-20240902-20
A vulnerability in the KeePass password manager is related to unencrypted storage of critical information. Exploitation of the vulnerability could allow an attacker to obtain passwords in clear form...
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...
PT-2024-12340 · Keepass · Keepass
Name of the Vulnerable Software and Affected Versions: KeePass affected versions not specified Description: The issue concerns a vulnerability in KeePass, which can be exploited by attackers. The vulnerability is related to XOR encryption and can be used to gain unauthorized access. There have be...
VulnCheck KEV: CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system...
OPENSUSE-SU-2024:12982-1 keepass-2.54-1.1 on GA media
These are all security issues fixed in the keepass-2.54-1.1 package on the GA media of openSUSE Tumbleweed...
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities
ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials. The accompanying blog post ca...
openSUSE: Security Advisory for keepass (openSUSE-SU-2023:0157-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the KeePass password manager, related to the unencrypted storage of critical information, allows attackers to obtain passwords in an open form.
The vulnerability of the KeePass password manager is related to the unencrypted storage of critical information. Exploiting this vulnerability can allow an attacker to obtain passwords in their raw form...
Malvertisers Using Google Ads to Target Users Searching for Popular Software
Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute...
Keepass < 2.54 Information disclosure
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...
ROS-20230911-02
Vulnerability of the KeePass password manager password text field is related to storing credentials in unencrypted form. Exploitation of the vulnerability could allow an attacker acting remotely, to recover the master password in plaintext...
KeePass Installed (Windows)
Binary data keepasswininstalled.nbin...
Exploit for Cleartext Transmission of Sensitive Information in Keepass
keepass-dump-masterkey Usage python3 poc.py Previe...
Mageia: Security Advisory (MGASA-2023-0221)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0221 Updated keepass packages fix security vulnerability
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...
Updated keepass packages fix security vulnerability
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...
OPENSUSE-SU-2023:0163-1 Security update for keepass
This update for keepass fixes the following issues: - Update to 2.54 Security: + Improved process memory protection of secure edit controls CVE-2023-32784, boo1211397. New Features: + Triggers, global URL overrides, password generator profiles and a few more settings are now stored in the enforce...