### [CVE-2023-32784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

### POC

#### Reference
- https://github.com/keepassxreboot/keepassxc/discussions/9433
- https://github.com/vdohney/keepass-password-dumper
- https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/

#### Github
- https://github.com/0xFFD700/Neuland-CTF-2023
- https://github.com/1ocho3/NCL_V
- https://github.com/3mpir3Albert/HTB_Keeper
- https://github.com/4m4Sec/CVE-2023-32784
- https://github.com/7h4nd5RG0d/Forensics
- https://github.com/Aledangelo/HTB_Keeper_Writeup
- https://github.com/CTM1/CVE-2023-32784-keepass-linux
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/JorianWoltjer/keepass-dump-extractor
- https://github.com/LeDocteurDesBits/cve-2023-32784
- https://github.com/MashrurRahmanRawnok/Keeper-HTB-Write--Up
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Orange-Cyberdefense/KeePwn
- https://github.com/Rajuaravinds/My-Book
- https://github.com/RawnokRahman/Keeper-HTB-Write--Up
- https://github.com/RiccardoRobb/Pentesting
- https://github.com/ValentinPundikov/poc-CVE-2023-32784
- https://github.com/ZarKyo/awesome-volatility
- https://github.com/chris-devel0per/HTB--keeper
- https://github.com/chris-devel0per/htb-keeper
- https://github.com/dawnl3ss/CVE-2023-32784
- https://github.com/didyfridg/Writeup-THCON-2024---Keepas-si-safe
- https://github.com/forensicxlab/volatility3_plugins
- https://github.com/hau-zy/KeePass-dump-py
- https://github.com/hktalent/TOP
- https://github.com/josephalan42/CTFs-Infosec-Witeups
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/mister-turtle/cve-2023-32784
- https://github.com/nahberry/DuckPass
- https://github.com/nateahess/DuckPass
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/neuland-ingolstadt/Neuland-CTF-2023-Winter
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rvsvishnuv/rvsvishnuv.github.io
- https://github.com/s3mPr1linux/KEEPASS_PASS_DUMP
- https://github.com/und3sc0n0c1d0/BruteForce-to-KeePass
- https://github.com/vdohney/keepass-password-dumper
- https://github.com/ynuwenhof/keedump
- https://github.com/z-jxy/keepass_dump