Password managers have become very important programs in order to maintain good network security. Thanks to them, by memorizing only one master password, we can save all kinds of safe and random keys for each of the websites where we register. However, we must carefully choose the program that we are going to use, or, otherwise, we can end up in check as has happened to all users of KeePass.
KeePass is one of the best-known password managers used by users. Its main peculiarity is that, unlike other similar password saving services, this one is completely free and open source, and it runs locally on the computer instead of in the cloud, which implies extra security.
This program creates a secure database, within which all passwords are stored in encrypted form. To access them we need a master password, or bet on a digital certificate that gives us greater protection. The problem is that this password has been leaking, and anyone could get it.
This is how KeePass filters your master password
When we open the program, the database is loaded into a safe space in memory to access the passwords. When we close the program, this space is emptied so as not to leave a trace of them. So far, all correct. However, a group of researchers has discovered that it is possible extract master key from system memory with a simple exploit. And, with it, access the entire database.
In addition, antiviruses cannot detect this computer attack, since it is not necessary to execute code. It is enough to generate a critical error in the system to generate a memory dump
Although no computer attacks have been detected taking advantage of this vulnerability, there is already a small proof of concept, called KeePass Master Password Dumper, which is available on GitHub and allows us to verify it ourselves. It’s only a matter of time before this tool becomes part of exploit kits, and hackers start exposing vulnerabilities en masse.
To do
For your part, you can do nothing. This is a vulnerability, already registered with the code CVE-2023-32784, which must be corrected by the developer himself. The creator of KeePass has already reported that he is aware of it and is working on a solution. The next version of the program, 2.54, will correct this vulnerability (and others that may appear along the way). Of course, we will still have to wait until July of this year to be able to update to this version and that our passwords are safe.
In any case, we should not obsess over this vulnerability either, since to exploit it it is necessary to have access to the computer. If we lock the session to prevent anyone from using it, and we use some basic security measures (such as avoiding downloading and executing suspicious files from the Internet, and using a good antivirus), no one will be able to get our KeePass passwords.
