February 02, 2023

What this KeePass CVE means for organizations searching for new password vaults

Written by Carlos Perez
https://youtu.be/OEaFaSjaZY4

After the 2022 LastPass breach, many organizations began searching for alternative password vault solutions. KeePass, a long-established open-source option, has risen to the top of the list for many organizations evaluating their options, and others have already been using it for years. A recent proof of concept (POC) demonstrating how to abuse the Trigger feature was released and assigned a CVE. While the KeePass developers are contesting the assignment of the CVE, we thought it would be valuable to break down exactly how the attack works and the risk it poses.

POC: https://github.com/alt3kx/CVE-2023-24055_PoC

KeePass Discussion: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/