What this KeePass CVE means for organizations searching for new password vaults

Published on February 13th, 2023


February 2, 2023

After the 2022 LastPass breach, many organizations began searching for alternative password vault solutions. KeePass, a legacy open-source option, has risen to the top for many organizations evaluating their options. Others have already been using it for years. A POC demonstrating how to abuse the Trigger feature was recently released and assigned a CVE. While the KeePass developers are contesting the assignment of the CVE, we thought it would be valuable to break down exactly how the attack works and the risk it poses.

POC: https://github.com/alt3kx/CVE-2023-24055_PoC





KeePass Discussion: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
