I previously reported on CVE-2023-3278, a KeePass vulnerability that makes it possible to recover the master password even when the program is closed. A simple proof-of-concept tool could be used to dump the master password from KeePass’s memory, and no fix was available at the time. The fix is now available in version 2.5.4, and it arrived sooner than expected. All users of the 2.x branch are strongly recommended to upgrade to this new version. The new version also introduces other security enhancements that provide additional protection against attacks that modify the KeePass configuration file.
https://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-leaked-cleartext-master-password/
This segment was created for the It’s 5:05 podcast