What this KeePass CVE means for organizations searching for new password vaults

February 2, 2023

After the 2022 LastPass breach, many organizations began searching for alternative password vault solutions. KeePass, a legacy open-source option has risen to the top for many organizations evaluating their options. Others have been using this option already for years. A recent POC demonstrating who to abuse the Trigger feature was released and assigned a CVE. While the KeePass developers are contesting the assignment of the CVE, we thought it would be valuable to break down exactly how the attack works and the risk it poses.

POC: https://github.com/alt3kx/CVE-2023-24055_PoC

KeePass Discussion: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/

  • Browse by Category

  • Clear Form