A serious vulnerability in the password management software KeePass: the entire database can be exported in clear text by hackers.
Due to the increasingly complex password requirements of various platforms, more and more users are using password management software to store their passwords in a unified manner, but this also means that such software is highly susceptible to privacy leaks if vulnerabilities arise.
Recently, the open-source password management software KeePass was found to have a serious vulnerability that allowed attackers to export a user's entire password database directly to plain text without the user's knowledge.
KeePass reportedly uses a local database to store user passwords and allows users to encrypt the database with a master password to prevent disclosure.
However, the recently discovered CVE-2023-24055 vulnerability allows an attacker who has gained write access to the database to directly modify KeePass XML files and inject triggers that export all usernames and passwords in clear text.
The entire process occurs in the background of the system, without any prior interaction, without requiring the victim to enter a password, and without even notifying the victim.
Currently, KeePass officials say that this vulnerability is not something they can fix, and that hackers who already have write permissions are perfectly capable of more powerful attacks.
They therefore stress that it is important to pay attention to the security of the device's environment to avoid attacks, saying that "KeePass cannot magically work securely in an insecure environment".
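As an added example (not part of the original article and not KeePass project code), the Python below audits a KeePass configuration file for triggers that nobody has reviewed, which is where the injected export trigger described above would appear. The element names (`Trigger`, `Name`, `Parameter`) are an assumption about the KeePass 2.x configuration layout, and the sample XML and every value in it are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample, not from a real system. Element names follow the assumed
# layout of a KeePass 2.x configuration file; every value is a placeholder.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <Application>
    <TriggerSystem>
      <Triggers>
        <Trigger>
          <Guid>PLACEHOLDER-TRIGGER-GUID</Guid>
          <Name>constructed-trigger</Name>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-GUID</TypeGuid>
              <Parameters>
                <Parameter>PLACEHOLDER-PARAMETER</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""


def fingerprint(trigger):
    """SHA-256 over the canonical XML of one <Trigger>, ignoring indentation."""
    raw = ET.tostring(trigger, encoding="unicode")
    canon = ET.canonicalize(xml_data=raw, strip_text=True)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def audit_triggers(config_xml, approved=frozenset()):
    """Return every trigger whose fingerprint is not in the approved set."""
    findings = []
    for trig in ET.fromstring(config_xml).iter("Trigger"):
        digest = fingerprint(trig)
        if digest in approved:
            continue
        params = [p.text or "" for p in trig.iter("Parameter")]
        findings.append({"name": trig.findtext("Name", default="(unnamed)"),
                         "sha256": digest, "parameters": params})
    return findings


if __name__ == "__main__":
    for f in audit_triggers(SAMPLE_CONFIG):
        print("unreviewed trigger:", f)
```

Record the fingerprints of the triggers you created yourself as the approved set and rerun the audit on a schedule; any finding means the configuration changed outside your review.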