Vulnerability Description
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keepass | Keepass | <= 2.53 |
Related Weaknesses (CWE)
References
- https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbwThird Party Advisory
- https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/PatchThird Party Advisory
- https://sourceforge.net/p/keepass/feature-requests/2773/Third Party Advisory
- https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbwThird Party Advisory
- https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/PatchThird Party Advisory
- https://sourceforge.net/p/keepass/feature-requests/2773/Third Party Advisory
FAQ
What is CVE-2023-24055?
CVE-2023-24055 is a vulnerability with a CVSS score of 5.5 (MEDIUM). KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor...
How severe is CVE-2023-24055?
CVE-2023-24055 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24055?
Check the references section above for vendor advisories and patch information. Affected products include: Keepass Keepass.