PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords

Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory.
The post PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords appeared first on SecurityWeek.

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still …

Is CVE-2023-24055 applicable to other password managers using the same format as the original KeePass?

CVE-2023-24055 is a known vulnerability that enables an attacker to recover plaintext user credentials from the KeePass application.
However, due to the original KeePass being Windows-specific, I’ve been using a compatible "KeePass XC…

What exactly happens when you use 2FA with "Password" + "Yubikey HMAC" Login in KeepassXC?

Use case: KeepassXC is configured with a Password + Yubikey HMAC.

I am trying to understand the exact steps that happen.
I think the first five steps are clear:

Open KeepassXC
Enter Password
Select Hardware Key
Click unlock
Yubikey is bli…