A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool – aptly named KeePass 2.X Master Password Dumper – is publicly available, but the good news is that the password can’t be extracted remotely just by exploiting this flaw. “If your … Continue reading KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)