Using a password manager is something we always recommend to keep accounts protected. However useful they are, though, they can also suffer from vulnerabilities and endanger precisely the passwords they are supposed to protect. In this article we report on an issue affecting KeePass, a widely used password manager: how it can put all your passwords at risk and what you should do about it.
KeePass affected by a vulnerability
KeePass is a free and open source password manager. It is one of the best known, so a problem of this type can affect many users. The vulnerability allows a hypothetical attacker to export the entire database in plain text without the user noticing.
This flaw has been tracked as CVE-2023-24055 and allows an attacker with access to the system to alter the configuration file and inject a malicious export rule into it. The export covers the whole database, including usernames and passwords, all in plain text. When the victim opens KeePass and enters the master key that everything is encrypted with, the export rule created by the attacker is triggered and the contents are written to a location on the system where the attacker can read them without any trouble.
This entire process goes unnoticed by the victim. It runs in the background, KeePass shows no notification, and the user is never aware that all the passwords are being exported.
Keep in mind that this vulnerability can only be exploited if the attacker already has physical access to the device. The KeePass developers point out that someone who can physically access a device could also use other methods to steal passwords.
What to do to avoid this problem
Security researchers have published a recommendation to prevent this problem: create an enforced configuration file. Its settings take precedence over any configuration changes an attacker might make in order to exploit the CVE-2023-24055 vulnerability.
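As an added illustration (not part of the original article), this is what such an enforced configuration could look like. KeePass reads it from a file named KeePass.config.enforced.xml in the application directory, and the element names follow KeePass's own configuration format; it only helps if that directory is not writable by ordinary users, because otherwise an attacker could simply edit this file too.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- KeePass.config.enforced.xml, placed next to KeePass.exe.
     Settings here override the user's KeePass.config.xml, so an export
     trigger injected into that file cannot re-enable what is disabled here. -->
<Configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Application>
    <!-- Disable the trigger system entirely: the CVE-2023-24055 technique
         relies on a trigger that exports the database once it is unlocked. -->
    <TriggerSystem>
      <Enabled>false</Enabled>
    </TriggerSystem>
  </Application>
  <Security>
    <Policy>
      <!-- Defence in depth: forbid exporting and editing triggers as well. -->
      <Export>false</Export>
      <EditTriggers>false</EditTriggers>
    </Policy>
  </Security>
</Configuration>
```

After restarting KeePass, the trigger options and the export menu should appear disabled, which is a quick way to confirm the enforced file is being picked up.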
It is also essential to keep everything up to date. After vulnerabilities of this type, the vendors themselves can be expected to release updates that correct the problem, and installing them promptly lets you avoid known vulnerabilities and maintain the privacy and security of those programs. You can also use the HIBP Offline Checker for KeePass to check whether any of your passwords appear in known breaches.
Beyond keeping everything updated, it is important to always install software from official sources. Whether it is the KeePass password manager or any other, you should always download it from legitimate, official and trustworthy sites so as not to take unnecessary risks.
Having security software is essential as well. A good antivirus helps prevent malware such as a keylogger, which records every keystroke and can give an attacker unauthorized access to your accounts.
In short, a new problem is affecting password managers. Although this vulnerability is difficult to exploit, you should always take certain precautions to avoid trouble. The objective is to protect your passwords as much as possible so that they cannot be leaked.