KeePass Security Flaw Found


Vulnerability Lab researchers have uncovered a flaw in the open source KeePass Password Safe that could allow an attacker to steal password lists.

"Researcher Benjamin Kunz Mejri of Vulnerability Lab said in an e-mail to Threatpost that he had discovered the hole in a software filter and validation feature in KeePass Password Manager up to and including v1.22," writes Threatpost's Paul Roberts. "If exploited, the hole would enable an attacker with access to a machine running the KeePass software to inject malicious script by passing the html/xml export feature a specially crafted file."

"Vulnerability Lab has provided a detailed exploitation scenario which requires only a medium level of user interaction," writes Softpedia's Eduard Kovacs. "First, the attacker sends the victim a specially crafted login page that contains a piece of code in the URL’s parameters. This script calls an HTML or a JavaScript which executes a chmod 777 command that gives full permissions to a file when processing local requests. The victim saves the URL via the 'auto type engine' module of the application, and later, when he/she wants to export the file as a plain HTML, the malicious script grabs its contents and sends it back to the attacker."

According to Kovacs, KeePass developer Dominik Reichl says the flaw will be patched with the release of version 1.23.
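
The class of flaw described above, where an export writes stored entry fields into HTML without encoding them, can be shown with a small exporter and an audit of its output. This is an added example, not KeePass code or material from the researchers; the entry fields, `export_html`, `audit` and the sample entries are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample entries; the second carries markup in its URL field,
# as in the scenario the article describes.
ENTRIES = [
    {"title": "Mail", "user": "alice", "url": "https://mail.example/login", "password": "s3cret"},
    {"title": "Forum", "user": "alice",
     "url": "https://forum.example/login?next=\"><script>alert(1)</script>",
     "password": "hunter2"},
]
FIELDS = ("title", "user", "url", "password")


def export_html(entries, escape=True):
    """Render entries as an HTML table; escape=False reproduces the flaw class."""
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    rows = []
    for e in entries:
        cells = "".join(f"<td>{enc(e[f])}</td>" for f in FIELDS)
        rows.append(f"<tr>{cells}</tr>")
    head = "".join(f"<th>{f}</th>" for f in FIELDS)
    return f"<html><body><table><tr>{head}</tr>{''.join(rows)}</table></body></html>"


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes an exported report should never contain."""
    ALLOWED = {"html", "body", "table", "tr", "th", "td"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            self.findings.append(f"unexpected <{tag}>")
        for name, _ in attrs:
            self.findings.append(f"unexpected attribute {name} on <{tag}>")


def audit(document):
    """Return a list of findings; an empty list means only table markup was seen."""
    finder = ActiveContentFinder()
    finder.feed(document)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("unescaped:", audit(export_html(ENTRIES, escape=False)))
    print("escaped:  ", audit(export_html(ENTRIES, escape=True)))
```

The same `audit` check can be run over an export file before it is opened in a browser, since a plain table of credentials has no reason to contain any element outside the allow-list.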