cvedb.io
CVE-2023-24055
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2023-01-22T04:15:11.560 · Last modified 2026-06-17T05:38:34.157

Summary

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

Affected products

keepass — keepass

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.