Shulou(Shulou.com)11/24 Report--

According to CTOnews.com on January 31, KeePass, an open source password management tool, has recently been exposed to a security vulnerability that allows attackers to export the entire database in plain text without the user's knowledge.

CTOnews.com mini-class: compared with the cloud-hosted approach of LastPass and Bitwarden, the open source password management tool KeePass mainly uses locally stored databases to manage databases.

To protect these local databases, users can encrypt them with a master password. In this way, malware or threat actors cannot steal the database and cannot access the relevant passwords stored in it.

The new vulnerability is now tracked as CVE-2023-24055. After gaining write access to the target system, the attacker changes the KeePass XML configuration file and injects a malicious trigger, which then exports the database containing all usernames and passwords in clear text.

The entire export process is completed completely in the background, with no notification to the victim, no previous interaction, and no need for the victim to enter a master password, allowing threats to quietly access all stored passwords.

After reporting and assigning a CVE-ID, the user asked the development team behind the KeePass to add a confirmation prompt before silent database export, to issue a prompt after the export was triggered by a maliciously modified configuration file, or to provide a version of the application without the export feature.

KeePass officials responded that KeePass was not to blame for the problem. KeePass developers explain that "having write access to KeePass configuration files usually means that attackers can actually perform attacks that are more powerful than modifying configuration files (these attacks also eventually affect KeePass, independent of profile protection)."

The developer continued: "these attacks can only be prevented by keeping the environment secure (by using antivirus software, firewalls, not opening unknown email attachments, etc.). KeePass cannot magically run securely in an insecure environment."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.