Published: 10/03/2022 Updated: 28/10/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an malicious user to interact and read sensitive passwords and logs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
keepass keepass 2.48
fedoraproject fedora 35
fedoraproject extra packages for enterprise linux 7.0

Debian Bug report logs - #1008022 keepass2: CVE-2022-0725 information disclosure Package: keepass2; Maintainer for keepass2 is Debian CLI Applications Team <pkg-cli-apps-team@listsaliothdebianorg>; Source for keepass2 is src:keepass2 (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 20 ...

POC for KeePass [CVE-2022-0725]

CVE-2022-0725 POC for KeePass [CVE-2022-0725] Steps to Reproduce: Step 1: Run "journalctl -f" in a terminal window Step 2: Double click a password in KeePass Step 3: Wait for the clear timeout to trigger Actual results: See your plain text password logged in the terminal window Expected results: Never see your plain text password logged anywhere Reference

CWE-532 https://bugzilla.redhat.com/show_bug.cgi?id=2052696 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008022 https://nvd.nist.gov https://github.com/ByteHackr/keepass_poc

CVE-2022-0725

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect