Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

Is KeePassDX vulnerable to CVE-2023-32784? #1575

Closed matejc closed 1 year ago

matejc commented 1 year ago

Is it possible to check for CVE-2023-32784?

KeePass has released version 2.54, fixing the CVE-2023-32784 vulnerability that allows the extraction of the cleartext master password from the application's memory.

When creating a new KeePass password manager database, users must create a master password, which is used to encrypt the database. When opening the database in the future, users are required to enter this master key to decrypt it and access the credentials stored within it.

Source: https://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-leaked-cleartext-master-password/

J-Jamet commented 1 year ago

The KeePassDX engine is completely different from that of KeePass and is not even run in the same environment, so this exploit is not related to KeePassDX.

matejc commented 1 year ago

Thank you.