CVE-2023-32784 -- keepass2ID: oval:org.secpod.oval:def:90269 | Date: (C)2023-06-05 (M)2024-01-03 |
Class: VULNERABILITY | Family: unix |
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Platform: |
Debian 10.x |
Debian 11.x |