[rwth-security] An attacker who has write access to the keepass configuration file

30 Jan 2023


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"An attacker who has write access to the keepass configuration file can modify it and inject malicious triggers""
--> siehe dazu auch [1] und [2]
--> ein PoC Unter Windows, den ich gesehen habe, hat das mit PowerShell zur
        Exfiltration genutzt
VG
Bernd
[0]
https://cert.be/en/warning-attacker-who-has-write-access-keepass-configurati...
[1]
https://keepass.info/help/kb/config_enf.html
[2]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24055
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2024

2023

2022

2021

2020

2019

2018

[rwth-security] An attacker who has write access to the keepass configuration file