CVE-2023-32784

Published May 15, 2023

Last updated a year ago

CVSS high 7.5
hsm

Overview

Description
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-319
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-319

Social media

Hype score
Not currently trending

  1. #3 - Sunday, Keeper and Pilgrimage from HTB Love the binwalk and magick vulnerabilities from Pilgrimage, magick exploit allow to do LFI (CVE-2022-44268) and binwalk just gives RCE (CVE-2022-4510). Vulnerability in keepass from keeper was interesting (CVE-2023-32784)

    @_nullshell_

    16 Dec 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔓 CVE-2023-32784 afecta a KeePass, uno de los gestores de contraseñas más usados. 💥 Permite recuperar la contraseña maestra desde memoria, ¡sin privilegios! Solo necesita que se haya escrito manualmente. 📌 Exploits, demo y solución en @FluProject: 🔗 https://t.c

    @fluproject

    15 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A mediados de 2023 surgió la vulnerabilidad CVE-2023-32784, la cual podría causar el compromiso de la contraseña maestra si se cumplen las condiciones que os contamos en el siguiente enlace: https://t.co/YJCHRILIwi https://t.co/f3ZVFwYukE

    @fluproject

    24 Apr 2025

    127 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Cyberis' Damian Wojcik writes about the vulnerability CVE-2023-32784. This vulnerability allows an attacker with access to the system where KeePass is running to exploit the flaw by analysing a memory dump to extract the master password to the database: https://t.co/6stPeufOWm h

    @cyberisltd

    31 Oct 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.CVE-2025-52533
  2. IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.CVE-2025-13375
  3. Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.CVE-2025-59703
  4. Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.CVE-2025-59705
  5. Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.CVE-2025-59695

References

Sources include official advisories and independent security research.