MGASA-2023-0221 - Updated keepass packages fix security vulnerability

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0221.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-24055,
     CVE-2023-32784

KeePass allows an attacker who has write access to the XML configuration
file to obtain the cleartext passwords by adding an export trigger. The
vendor disputes this because of the level of access required.
(CVE-2023-24055)

It is possible to recover the cleartext master password from a memory dump,
even when a workspace is locked or no longer running. (CVE-2023-32784)
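
A defender-side check for the CVE-2023-24055 scenario, added here as an example and not part of the Mageia advisory or of KeePass: it lists every trigger defined in a KeePass configuration file so that unexpected ones can be reviewed. The element names (`Trigger`, `Actions`, `TypeGuid`, `Parameter`) are assumed from the KeePass 2.x configuration layout, and the sample configuration with its `PLACEHOLDER-*` values is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element layout assumed from KeePass 2.x config files;
# the TypeGuid values are placeholders, not real KeePass identifiers.
SAMPLE_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Triggers>
        <Trigger>
          <Name>sync-backup</Name>
          <Enabled>true</Enabled>
          <Events><Event><TypeGuid>PLACEHOLDER-EVENT</TypeGuid></Event></Events>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION</TypeGuid>
              <Parameters>
                <Parameter>/tmp/out.xml</Parameter>
                <Parameter>KeePass XML (2.x)</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""


def audit_triggers(xml_text):
    """Return one record per <Trigger> so each can be reviewed by hand."""
    root = ET.fromstring(xml_text)
    findings = []
    for trig in root.iter("Trigger"):
        params = [p.text or "" for p in trig.iter("Parameter")]
        findings.append({
            "name": trig.findtext("Name", default="(unnamed)"),
            # A missing <Enabled> is reported as enabled to stay on the safe side.
            "enabled": trig.findtext("Enabled", default="true").strip().lower() != "false",
            "action_types": [a.findtext("TypeGuid", default="") for a in trig.iter("Action")],
            # Parameters that look like a path or URL show where data could be written.
            "destinations": [p for p in params if "/" in p or "\\" in p],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_triggers(SAMPLE_CONFIG):
        print(finding)
```

An empty result means no triggers are defined; any trigger the user did not create deserves a closer look at its destinations.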

References:
- https://bugs.mageia.org/show_bug.cgi?id=31935
- https://amp.thehackernews.com/thn/2023/05/keepass-exploit-allows-attackers-to.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784

SRPMS:
- 8/core/keepass-2.54-1.mga8
