CVE-2023-32784— KeePass 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-32784の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
KeePass 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
KeePass是一款开源的密码管理器。 KeePass 2.54之前的2.x版本存在安全漏洞,该漏洞源于即使工作区被锁定或不再运行,也可以从内存转储中恢复明文主密码。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. CVE-2023-32784の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | Original PoC for CVE-2023-32784 | https://github.com/vdohney/keepass-password-dumper | POC詳細 |
| 2 | KeePass Master Password Extraction PoC for Linux | https://github.com/CTM1/CVE-2023-32784-keepass-linux | POC詳細 |
| 3 | This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass. | https://github.com/und3sc0n0c1d0/BruteForce-to-KeePass | POC詳細 |
| 4 | KeePass 2.X dumper (CVE-2023-32784) | https://github.com/z-jxy/keepass_dump | POC詳細 |
| 5 | A CVE-2023-32784 proof-of-concept implementation in Rust | https://github.com/LeDocteurDesBits/cve-2023-32784 | POC詳細 |
| 6 | Re-write of original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python. | https://github.com/hau-zy/KeePass-dump-py | POC詳細 |
| 7 | Retrieve the master password of a keepass database <= 2.53.1 | https://github.com/dawnl3ss/CVE-2023-32784 | POC詳細 |
| 8 | None | https://github.com/ValentinPundikov/poc-CVE-2023-32784 | POC詳細 |
| 9 | None | https://github.com/mister-turtle/cve-2023-32784 | POC詳細 |
| 10 | year 2 semester 1 Systems and Network Programming Assignment | https://github.com/Cmadhushanka/CVE-2023-32784-Exploitation | POC詳細 |
| 11 | None | https://github.com/le01s/poc-CVE-2023-32784 | POC詳細 |
| 12 | A Python console program that exploits the security vulnerability CVE-2023-32784 in the password manager KeePass. This exploit reconstructs the master password in plain text based on memory dumps (.DMP). | https://github.com/SarahZimmermann-Schmutzler/exploit_keepass | POC詳細 |
| 13 | None | https://github.com/dev0558/CVE-2023-32784-EXPLOIT-REPORT | POC詳細 |
| 14 | After using the KeePass password dumper maybe some character parsed as ● is incorrect and you want to know the real character | https://github.com/G4sp4rCS/CVE-2023-32784-password-combinator-fixer | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-32784のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-05-15 · 54 CVEs total
| CVE-2023-2124 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-1729 | Libraw 缓冲区错误漏洞 | |
| CVE-2023-21104 | Google Android 安全漏洞 | |
| CVE-2023-20930 | Google Android 资源管理错误漏洞 | |
| CVE-2023-21102 | Google Android 安全漏洞 | |
| CVE-2023-21103 | Google Android 安全漏洞 | |
| CVE-2023-20914 | Google Android 安全漏洞 | |
| CVE-2023-21116 | Google Android 安全漏洞 | |
| CVE-2023-21117 | Google Android 安全漏洞 | |
| CVE-2023-21118 | Google Android 缓冲区错误漏洞 | |
| CVE-2023-21112 | Google Android 缓冲区错误漏洞 | |
| CVE-2023-2700 | Red Hat libvirt 安全漏洞 | |
| CVE-2023-30245 | Judging Management System SQL注入漏洞 | |
| CVE-2023-29861 | Teledyne FLIR FLIR-DVTEL camera 安全漏洞 | |
| CVE-2023-31607 | Virtuoso Open-Source Edition SQL注入漏洞 | |
| CVE-2023-31608 | Virtuoso Open-Source Edition SQL注入漏洞 | |
| CVE-2023-31609 | Virtuoso Open-Source Edition SQL注入漏洞 | |
| CVE-2023-31610 | Virtuoso Open-Source Edition SQL注入漏洞 | |
| CVE-2023-31611 | Virtuoso Open-Source Edition SQL注入漏洞 | |
| CVE-2023-31612 | Virtuoso Open-Source Edition SQL注入漏洞 |
Showing 20 of 54 CVEs. View all on vendor page →
IV. 関連脆弱性
同じベンダー: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. CVE-2023-32784へのコメント
まだコメントはありません