A vulnerability discovered last week in the open-source password manager KeePass Password Safe lets attackers extract the master password directly from the software’s memory. In a blog post published May 18, Vulcan Cyber researchers said the vulnerability — CVE-2023-32784 — presents an exploitable loophole that compromises the primary key needed to unlock the user’s password database. KeePass posted that it plans to issue a patch by early June.
