CVE-2023-24055

Опубликовано: 22 янв. 2023

Источник: nvd

CVSS3: 5.5

EPSS Средний

Описание

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

Ссылки

https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
Third Party Advisory
https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
Patch
Third Party Advisory
https://sourceforge.net/p/keepass/feature-requests/2773/
Third Party Advisory
https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
Third Party Advisory
https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
Patch
Third Party Advisory
https://sourceforge.net/p/keepass/feature-requests/2773/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*

Версия до 2.53 (включая)

EPSS

Процентиль: 97%

0.35331

Средний

5.5 Medium

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-xf2q-qxhf-rqh5

CVSS3: 5.5

github

больше 2 лет назад

** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

BDU:2023-07674

CVSS3: 5.5

fstec

больше 2 лет назад

Уязвимость менеджера паролей KeePass, связанная с незашифрованным хранением критичной информации, позволяющая нарушителю получить пароли в открытом виде

ROS-20240902-20

CVSS3: 5.5

redos

10 месяцев назад

Уязвимость KeePass

EPSS

Процентиль: 97%

0.35331

Средний

5.5 Medium

CVSS3

Дефекты

CWE-312