KeePass, a password manager, said in a recent statement that it disputes a vulnerability reported by security researchers, in which attackers could export the entire database in plain text without the user noticing.
The vulnerability, tracked as CVE-2023-24055, allows an attacker who already has write access to the target system to alter the KeePass XML configuration file and add a trigger that exports any database, including the stored usernames and passwords, in cleartext.
The standard advice of protecting the database with a master password does not help here: the export rule added to the XML configuration file fires the next time the user unlocks the database with the master password, in a later session, so the attacker obtains the contents of the encrypted database anyway.
According to the reports, KeePass neither notifies the user while the malicious export runs in the background nor asks for the master password to confirm the export. As a result, the attacker can complete the export without being detected.
Because the flaw had already been assigned a CVE ID, the researchers contacted the KeePass development team. They asked the developers either to add a master password confirmation prompt for database exports or to release an application version without the export feature.
The developers were also asked to add a configuration flag that disables export and can only be changed after the correct master password has been entered.
Despite these concerns from researchers and users, KeePass called the report questionable and said it should not be considered a vulnerability. The developers stressed that an attacker with write access to a user's device could obtain the data inside the database through other means and carry out far more damaging attacks.
The company therefore underlines the importance of running robust anti-virus software or a firewall and of being careful online, so that an attacker never obtains write access to the KeePass files on the device in the first place.
In the statement, the company said that it cannot magically run securely in an environment that is insecure to begin with.
Since KeePass does not intend to release a patch for the vulnerability, experts strongly encourage users to protect their databases by creating an enforced configuration file as a system administrator.
Users should also make sure that anti-virus software is active on their devices and remain mindful of staying safe from attackers.
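As an added illustration, not taken from the article or from the KeePass project, the following Python script shows the two sides of the story above: how a defender can audit a KeePass-style XML configuration for triggers whose actions write a database to disk (the mechanism described for CVE-2023-24055), and what an enforced configuration file that switches the trigger system and the export policy off looks like. The element paths Configuration/Application/TriggerSystem/Enabled, .../Triggers/Trigger/Actions/Action/Parameters and Security/Policy/Export are assumed to follow the layout of KeePass.config.xml and KeePass.config.enforced.xml; the TypeGuid values are placeholders, and both XML documents are constructed for the example.

```python
"""Audit a KeePass-style XML configuration for trigger-based export abuse.

Added example, not from the article or the KeePass project. The element
paths used below are an assumption modelled on the general layout of
KeePass.config.xml; both sample documents are constructed.
"""
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed user configuration: trigger system enabled and one trigger whose
# action parameters name an export format and a destination path.
USER_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger>
          <Name>sync</Name>
          <Events><Event><TypeGuid>EVENT-GUID-PLACEHOLDER</TypeGuid></Event></Events>
          <Actions>
            <Action>
              <TypeGuid>ACTION-GUID-PLACEHOLDER</TypeGuid>
              <Parameters>
                <Parameter>KeePass XML (2.x)</Parameter>
                <Parameter>C:\\Users\\Public\\export.xml</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>
"""

# Constructed enforced configuration (assumed layout): trigger system off,
# export and trigger editing denied by policy. Settings in an enforced file
# take precedence over the user's own configuration.
ENFORCED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>false</Enabled>
    </TriggerSystem>
  </Application>
  <Security>
    <Policy>
      <Export>false</Export>
      <EditTriggers>false</EditTriggers>
    </Policy>
  </Security>
</Configuration>
"""

# Drive letter, UNC share or absolute POSIX path at the start of a parameter.
PATH_RE = re.compile(r"^([A-Za-z]:\\|\\\\|/)")
EXPORT_EXTENSIONS = (".xml", ".csv", ".html", ".txt", ".kdbx")


def _text(node, path, default=""):
    """Return the stripped text of the first element at `path`, or `default`."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else default


def audit_config(xml_text):
    """Return human-readable findings for trigger-based export risk.

    The audit does not rely on KeePass's action TypeGuids; any trigger action
    whose parameter looks like a filesystem destination is flagged, which is
    the conservative choice for a detection rule.
    """
    root = ET.fromstring(xml_text)
    findings = []
    enabled = _text(root, "Application/TriggerSystem/Enabled").lower() == "true"
    triggers = root.findall("Application/TriggerSystem/Triggers/Trigger")
    if enabled and triggers:
        findings.append(f"trigger system enabled with {len(triggers)} trigger(s)")
    for trigger in triggers:
        name = _text(trigger, "Name", "<unnamed>")
        for action in trigger.findall("Actions/Action"):
            for param in action.findall("Parameters/Parameter"):
                value = (param.text or "").strip()
                if PATH_RE.match(value) or value.lower().endswith(EXPORT_EXTENSIONS):
                    findings.append(f"trigger '{name}' has an action writing to '{value}'")
    return findings


def enforced_disables_export(xml_text):
    """True when the enforced file turns the trigger system and the Export policy off."""
    root = ET.fromstring(xml_text)
    triggers_off = _text(root, "Application/TriggerSystem/Enabled").lower() == "false"
    export_off = _text(root, "Security/Policy/Export").lower() == "false"
    return triggers_off and export_off


def config_fingerprint(xml_text):
    """SHA-256 of the configuration text, for comparison with a stored baseline."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for finding in audit_config(USER_CONFIG):
        print("FINDING:", finding)
    print("enforced config blocks export:", enforced_disables_export(ENFORCED_CONFIG))
    print("user config fingerprint:", config_fingerprint(USER_CONFIG))
```

In practice the fingerprint would be recorded when the configuration is known-good and compared on each run, so that any edit to the user's KeePass.config.xml, trigger or otherwise, is noticed even if the heuristic in audit_config misses it.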