TrustedSec - What this KeePass CVE means for organizations searching for new password vaults

After the 2022 LastPass breach, many organizations began searching for alternative password vault solutions. KeePass, a legacy open-source option has risen to the top for many organizations evaluating their options. Others have been using this option already for years. A recent POC demonstrating who to abuse the Trigger feature was released and assigned a CVE. While the KeePass developers are contesting the assignment of the CVE, we thought it would be valuable to break down exactly how the attack works and the risk it poses.

POC: https://github.com/alt3kx/CVE-2023-24055_PoC

KeePass Discussion: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/

The post What this KeePass CVE means for organizations searching for new password vaults appeared first on TrustedSec.



from TrustedSec https://www.trustedsec.com/blog/what-this-keepass-cve-means-for-organizations-searching-for-new-password-vaults/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"