[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254802

 
 

909

 
 

198617

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2023-32784 -- keepass2

ID: oval:org.secpod.oval:def:90269Date: (C)2023-06-05   (M)2024-01-03
Class: VULNERABILITYFamily: unix




In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Platform:
Debian 10.x
Debian 11.x
Product:
keepass2
Reference:
CVE-2023-32784
CVE    1
CVE-2023-32784
CPE    2
cpe:/o:debian:debian_linux:10.x
cpe:/o:debian:debian_linux:11.x

© SecPod Technologies