Cyber Resilience

CVE-2023-24055

Medium

Published: 22 January 2023

Published
22 January 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score 0.4144 97.5th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-24055 is a medium-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Keepass Keepass. Its CVSS base score is 5.5 (Medium).

Operationally, ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

KeePass through version 2.53, in its default configuration, is vulnerable to credential disclosure via the application's XML configuration file. An attacker who can write to this file can insert an export trigger that causes the password manager to write stored entries to disk in cleartext, bypassing the normal encryption of the database. The issue is tracked as CWE-312 and carries a CVSS 3.1 score of 5.5, reflecting local access requirements.

An attacker with write access to the KeePass configuration file on a victim's workstation can add the malicious trigger and later retrieve the exported passwords. Because the attack relies on local file-system access rather than remote exploitation or a flaw in the database encryption itself, it is effective only against users whose systems are already partially compromised or who share configuration directories with untrusted accounts. The vendor maintains that the product is not designed to protect credentials against an adversary who already possesses this level of control over the local machine.

Public references consist primarily of vendor forum threads and technical write-ups that restate the vendor's position; no official patch or configuration change is offered. The associated EPSS score has remained near 0.41 since disclosure, indicating sustained but not sharply escalating exploitation interest.

EU & UK References

Vulnerability details

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not…

more

intended to be secure against an attacker who has that level of access to the local PC.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

keepass
keepass
≤ 2.53

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-312

Training on secure data handling discourages cleartext storage of sensitive information.

addresses: CWE-312

Data action mapping can detect storage actions that leave sensitive information in cleartext.

addresses: CWE-312

Configuration policies can mandate secure storage methods to avoid cleartext storage of sensitive information.

addresses: CWE-312

Policy requires protection measures such as encryption for sensitive data stored on media, preventing cleartext exposure.

addresses: CWE-312

Key-management policy requires protected storage of key material, preventing cleartext storage of sensitive cryptographic keys.

addresses: CWE-312

Requiring confidentiality protection for information at rest eliminates cleartext storage of sensitive data on persistent media.

addresses: CWE-312

Reduces cleartext storage of sensitive data when OPSEC identifies and mandates protection of key information artifacts.

References