Exploit for #VU76358 Storing passwords in a recoverable format in KeePass

Published: 2023-06-26 | Updated: 2024-11-22

Vulnerability identifier: #VU76358

Vulnerability risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-32784

CWE-ID: CWE-257

Exploitation vector: Local

Exploits in database: 5

November 22, 2024
- exploit_keepass (A Python console program that exploits the security vulnerability CVE-2023-32784 in the password manager KeePass. This exploit reconstructs the master password in plain text based on memory dumps (.DMP).) [Github]
May 13, 2024
- keepass_dump (KeePass 2.X dumper (CVE-2023-32784)) [Github]
- cve-2023-32784 () [Github]
July 20, 2023
- BruteForce-to-KeePass (This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass.) [Github]
June 26, 2023
- keepass-password-dumper (Original PoC for CVE-2023-32784) [Github]

Vulnerable software:
KeePass
Client/Desktop applications / Encryption software

Vendor: KeePass