cve/2023/CVE-2023-32784.md

### [CVE-2023-32784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

### POC

#### Reference
- https://github.com/keepassxreboot/keepassxc/discussions/9433
- https://github.com/vdohney/keepass-password-dumper
- https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/

#### Github
- https://github.com/0xFFD700/Neuland-CTF-2023
- https://github.com/0xabdoulaye/CTFs-Journey
- https://github.com/1ocho3/NCL_V
- https://github.com/3mpir3Albert/HTB_Keeper
- https://github.com/4m4Sec/CVE-2023-32784
- https://github.com/7h4nd5RG0d/Forensics
- https://github.com/Aledangelo/HTB_Keeper_Writeup
- https://github.com/CTM1/CVE-2023-32784-keepass-linux
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/JorianWoltjer/keepass-dump-extractor
- https://github.com/LeDocteurDesBits/cve-2023-32784
- https://github.com/MashrurRahmanRawnok/Keeper-HTB-Write--Up
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Orange-Cyberdefense/KeePwn
- https://github.com/Rajuaravinds/My-Book
- https://github.com/RawnokRahman/Keeper-HTB-Write--Up
- https://github.com/RiccardoRobb/Pentesting
- https://github.com/ValentinPundikov/poc-CVE-2023-32784
- https://github.com/ZarKyo/awesome-volatility
- https://github.com/chris-devel0per/HTB--keeper
- https://github.com/chris-devel0per/htb-keeper
- https://github.com/dawnl3ss/CVE-2023-32784
- https://github.com/didyfridg/Writeup-THCON-2024---Keepas-si-safe
- https://github.com/forensicxlab/volatility3_plugins
- https://github.com/hau-zy/KeePass-dump-py
- https://github.com/hktalent/TOP
- https://github.com/josephalan42/CTFs-Infosec-Witeups
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/mister-turtle/cve-2023-32784
- https://github.com/nahberry/DuckPass
- https://github.com/nateahess/DuckPass
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/neuland-ingolstadt/Neuland-CTF-2023-Winter
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rvsvishnuv/rvsvishnuv.github.io
- https://github.com/s3mPr1linux/KEEPASS_PASS_DUMP
- https://github.com/und3sc0n0c1d0/BruteForce-to-KeePass
- https://github.com/vdohney/keepass-password-dumper
- https://github.com/ynuwenhof/keedump
- https://github.com/z-jxy/keepass_dump
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-32784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.`

			`### POC`

			`#### Reference`
			`- https://github.com/keepassxreboot/keepassxc/discussions/9433`
			`- https://github.com/vdohney/keepass-password-dumper`
			`- https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/`

			`#### Github`
			`- https://github.com/0xFFD700/Neuland-CTF-2023`
Update CVE sources 2024-08-14 18:26 2024-08-14 18:26:11 +00:00			`- https://github.com/0xabdoulaye/CTFs-Journey`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/1ocho3/NCL_V`
			`- https://github.com/3mpir3Albert/HTB_Keeper`
			`- https://github.com/4m4Sec/CVE-2023-32784`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/7h4nd5RG0d/Forensics`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Aledangelo/HTB_Keeper_Writeup`
			`- https://github.com/CTM1/CVE-2023-32784-keepass-linux`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/JorianWoltjer/keepass-dump-extractor`
			`- https://github.com/LeDocteurDesBits/cve-2023-32784`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/MashrurRahmanRawnok/Keeper-HTB-Write--Up`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/Orange-Cyberdefense/KeePwn`
			`- https://github.com/Rajuaravinds/My-Book`
			`- https://github.com/RawnokRahman/Keeper-HTB-Write--Up`
			`- https://github.com/RiccardoRobb/Pentesting`
			`- https://github.com/ValentinPundikov/poc-CVE-2023-32784`
			`- https://github.com/ZarKyo/awesome-volatility`
			`- https://github.com/chris-devel0per/HTB--keeper`
			`- https://github.com/chris-devel0per/htb-keeper`
			`- https://github.com/dawnl3ss/CVE-2023-32784`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/didyfridg/Writeup-THCON-2024---Keepas-si-safe`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/forensicxlab/volatility3_plugins`
			`- https://github.com/hau-zy/KeePass-dump-py`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/josephalan42/CTFs-Infosec-Witeups`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/mister-turtle/cve-2023-32784`
			`- https://github.com/nahberry/DuckPass`
			`- https://github.com/nateahess/DuckPass`
			`- https://github.com/nenandjabhata/CTFs-Journey`
			`- https://github.com/neuland-ingolstadt/Neuland-CTF-2023-Winter`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/rvsvishnuv/rvsvishnuv.github.io`
			`- https://github.com/s3mPr1linux/KEEPASS_PASS_DUMP`
			`- https://github.com/und3sc0n0c1d0/BruteForce-to-KeePass`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/vdohney/keepass-password-dumper`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/ynuwenhof/keedump`
			`- https://github.com/z-jxy/keepass_dump`