CVE-2023-32784 PoC — KeePass 安全漏洞

Source

https://github.com/mister-turtle/cve-2023-32784

Associated Vulnerability

Title:KeePass 安全漏洞 (CVE-2023-32784)
Description:KeePass是一款开源的密码管理器。 KeePass 2.54之前的2.x版本存在安全漏洞，该漏洞源于即使工作区被锁定或不再运行，也可以从内存转储中恢复明文主密码。

Readme

# CVE-2023-32784

KeePass 2.X < version 2.54 is susceptible to a vulnerability in which the master password may be retrievable from a memory dump of an unlocked KeePass database. This was assigned [CVE-2023-32784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784)

This program aims to retrieve the master password from a memory dump of a running KeePass process. It outputs potential characters by position, a potential passphrase on one line, and a JohnTheRipper mask.

## Installation

### With go installed
```sh
$ go install github.com/mister-turtle/cve-2023-32784@latest
```

### Pre-built binaries
Head to the [Releases page](https://github.com/mister-turtle/cve-2023-32784/releases) and get the latest pre-built binary for your system.

### Building from source
```sh
$ git clone github.com/mister-turtle/cve-2023-32784
$ cd cve-2023-32784
$ go buid .
```

## Usage
```
$ go run . --help
Usage of ./cve-2023-32784:
  -d string
        Path to the memory dump
```

File Snapshot


 [4.0K]  /data/pocs/ff25502172974fdd2cc92b5772650e89419dc061
├── [  58]  go.mod
├── [   0]  go.sum
├── [3.7K]  main.go
└── [ 984]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!