A recently found vulnerability in the open source password manager KeePass could be used to recover a target’s master password, and proof-of-concept code is already available. This is the second time in recent months that a security researcher has found a weakness in the widely used password manager.
The flaw allows attackers to recover a target’s master password in cleartext from a memory dump, even while the user’s workspace is closed. It affects KeePass 2.X versions for Windows, Linux, and macOS. According to the researcher, an attacker can still obtain the master password even after the local user has locked the workspace and after KeePass is no longer running.