Mageia 8: MGASA-2023-0222 High: Keepass Vulnerability in Cleartext Access
mageia
July 7, 2023
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger
Summary
Allows an attacker, who has write access to the XML configuration file, to
obtain the cleartext passwords by adding an export trigger. Disputed by
vendor due to level of access required. (CVE-2023-24055)
Possible to recover the cleartext master password from a memory dump, even
when a workspace is locked or no longer running (CVE-2023-32784)
References
- https://bugs.mageia.org/show_bug.cgi?id=31935
-
- https://www.cve.org/CVERecord?id=CVE-2023-24055
- https://www.cve.org/CVERecord?id=CVE-2023-32784
Resolution
SRPMS
- 8/core/keepass-2.54-1.mga8
PREVIOUS
NEXT
Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0221.html
Type: security
CVE: CVE-2023-24055,
CVE-2023-32784
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!