CVE-2023-24055
Published: 22 January 2023
Summary
CVE-2023-24055 is a medium-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Keepass Keepass. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
KeePass through version 2.53, in its default configuration, is vulnerable to credential disclosure via the application's XML configuration file. An attacker who can write to this file can insert an export trigger that causes the password manager to write stored entries to disk in cleartext, bypassing the normal encryption of the database. The issue is tracked as CWE-312 and carries a CVSS 3.1 score of 5.5, reflecting local access requirements.
An attacker with write access to the KeePass configuration file on a victim's workstation can add the malicious trigger and later retrieve the exported passwords. Because the attack relies on local file-system access rather than remote exploitation or a flaw in the database encryption itself, it is effective only against users whose systems are already partially compromised or who share configuration directories with untrusted accounts. The vendor maintains that the product is not designed to protect credentials against an adversary who already possesses this level of control over the local machine.
Public references consist primarily of vendor forum threads and technical write-ups that restate the vendor's position; no official patch or configuration change is offered. The associated EPSS score has remained near 0.41 since disclosure, indicating sustained but not sharply escalating exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28119
Vulnerability details
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not…
more
intended to be secure against an attacker who has that level of access to the local PC.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Training on secure data handling discourages cleartext storage of sensitive information.
Data action mapping can detect storage actions that leave sensitive information in cleartext.
Configuration policies can mandate secure storage methods to avoid cleartext storage of sensitive information.
Policy requires protection measures such as encryption for sensitive data stored on media, preventing cleartext exposure.
Key-management policy requires protected storage of key material, preventing cleartext storage of sensitive cryptographic keys.
Requiring confidentiality protection for information at rest eliminates cleartext storage of sensitive data on persistent media.
Reduces cleartext storage of sensitive data when OPSEC identifies and mandates protection of key information artifacts.