What is CVE-2023-32784?

CVE-2023-32784 is a vulnerability in N/a. Published 2023-05-15.

Is CVE-2023-32784 known to be exploited?

58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernat…

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

vdohney/keepass-password-dumper
z-jxy/keepass_dump
und3sc0n0c1d0/BruteForce-to-KeePass
mister-turtle/cve-2023-32784
CTM1/CVE-2023-32784-keepass-linux
areebashoaib42/KeePass-CVE-2023-32784-Exploitation-and-Defense
super-oof/keepass2-password-finder
G4sp4rCS/CVE-2023-32784-password-combinator-fixer
dev0558/CVE-2023-32784-EXPLOIT-REPORT
Cmadhushanka/CVE-2023-32784-Exploitation

References

github.com/vdohney/keepass-password-dumper
sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
github.com/keepassxreboot/keepassxc/discussions/9433

Frequently asked questions

What is CVE-2023-32784?: CVE-2023-32784 is a vulnerability in N/a. Published 2023-05-15.
Is CVE-2023-32784 known to be exploited?: 58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.