KeePass, a widely-used open-source password manager, saves user input in retrievable memory strings, including master passwords that protect the user’s credentials. The problem stems from how KeePass handles user-typed content in forms, creating memory strings containing all the master password’s characters except for the first one. The vulnerability, now tracked as CVE-2023-32784, was discovered by …
The post Hackers Can Retrieve Master Passwords from KeePass Memory appeared first on RestorePrivacy.