CVE-2023-24055

Description from NVD

** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

Information Acquisition Date: 2023-02-06T07:48Z
CVSS 2.0: 0.0 None
CVSS 3.x: 5.5 MEDIUM

CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

NVD References

 https://sourceforge.net/p/keepass/feature-requests/2773/
     source:MISC
     tags:Third Party Advisory    
 https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
     source:MISC
     tags:Patch    Third Party Advisory    
 https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
     source:MISC
     tags:

This vulnerability may involve a PoC.


Software Tag: Linux(1 tweets) Windows(3 tweets) iOS(1 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
https://cvetrends.com    52
https://github.com/deetl/CVE-2023-24055    22
https://news.ycombinator.com/item?id=34545010    6
https://xcloud.spectrum.colortokens.com/cve/CVE-2023-24055    6
https://noticiasseguridad.com/vulnerabilidades/este-codigo-...    4
https://www.bleepingcomputer.com/news/security/keepass-disp...    4
https://sco.lt/5M9a2y    3
https://buff.ly/3Ydp0oZ    3
https://twitter.com/elhackernet/status/1618157949930844160    3
https://www.it-connect.fr/faille-critique-dans-keepass-un-a...    3
https://securite.developpez.com/actu/341110/Gestionnaire-de...    3


GitHub Search Results: Up to 10
Name    URL
alt3kx/CVE-2023-24055_PoC    https://github.com/alt3kx/CVE-2023-24055_PoC
deetl/CVE-2023-24055    https://github.com/deetl/CVE-2023-24055
Live-Hack-CVE/CVE-2023-24055    https://github.com/Live-Hack-CVE/CVE-2023-24055
julesbozouklian/PoC_CVE-2023-24055    https://github.com/julesbozouklian/PoC_CVE-2023-24055
Cyb3rtus/keepass_CVE-2023-24055_yara_rule    https://github.com/Cyb3rtus/keepass_CVE-2023-24055_yara_rule

2023/02/07 Score : 3
Added Har-sia Database : 2023/01/22
Last Modified : 2023/02/07
Highest Scored Date : 2023/01/26
Highest Score : 28