CVE-2022-0725

Severity: 7.5 HIGH

📋 TL;DR

CVE-2022-0725 is an information exposure vulnerability in KeePass where plain text passwords are logged to system logs. This allows attackers with access to system logs to read sensitive passwords. All KeePass users with logging enabled are affected.

💻 Affected Systems

Products:
  • KeePass
Versions: Versions prior to 2.50
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires logging to be enabled, which may be default in some configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain administrative access to systems, read all logged passwords, and compromise multiple accounts and systems.

🟠 Likely Case: Local attackers or malware read system logs containing sensitive passwords, leading to credential theft.

🟢 If Mitigated: Limited exposure, with only non-critical passwords logged or logs properly secured.

🌐 Internet-Facing: LOW - This is primarily a local information disclosure vulnerability.
🏢 Internal Only: HIGH - Internal attackers with system access can read logs containing plain text passwords.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to system logs where passwords are stored in plain text.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KeePass 2.50 and later

Vendor Advisory: https://keepass.info/news/n220214_2.50.html

Restart Required: Yes

Instructions:

1. Download KeePass 2.50 or later from the official website.
2. Install the update.
3. Restart KeePass.
4. Verify that the version is 2.50 or higher.

🔧 Temporary Workarounds

Disable logging (all platforms)
Disable KeePass logging to prevent password exposure in system logs.

In KeePass: Tools > Options > Advanced > uncheck 'Enable logging'

Secure system logs (all platforms)
Restrict access to system logs to prevent unauthorized reading.

Windows: icacls C:\Windows\System32\winevt\Logs\ /deny Users:(R)
Linux: chmod 600 /var/log/syslog

🧯 If You Can't Patch

  • Disable KeePass logging completely
  • Implement strict access controls on system log files

🔍 How to Verify

Check if Vulnerable:

Check KeePass version: Help > About. If version is below 2.50, you are vulnerable.

Check Version:

On Windows: check the KeePass About dialog.
On Linux: keepass2 --version

Verify Fix Applied:

Verify KeePass version is 2.50 or higher and check that logging is disabled or logs don't contain passwords.

📡 Detection & Monitoring

Log Indicators:

  • Plain text passwords in system logs
  • KeePass log entries containing sensitive data

Network Indicators:

  • None - this is a local information disclosure

SIEM Query:

EventLog WHERE Source='KeePass' AND Message CONTAINS 'password'
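The log indicators and SIEM query above can be turned into a concrete check. The following Python script is an added example, not part of this advisory and not KeePass's own log format: it runs over a constructed syslog excerpt, keeps only lines from a process whose name starts with "keepass", requires a credential keyword followed by a ':' or '=' and a value (so KeePass auto-type placeholders such as {PASSWORD} are not false positives), and masks the value before reporting it. The process name, message wording and credential keywords are assumptions for the sample.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog excerpt (not real KeePass output). Lines 4 and 6
# imitate the failure mode CVE-2022-0725 describes: a password-manager process
# writing a credential value into a shared system log. Line 3 is a benign
# auto-type placeholder that a bare 'password' keyword match would also flag.
SAMPLE_LOG = """\
Feb 14 10:01:02 host keepass2[4121]: database opened: /home/alice/vault.kdbx
Feb 14 10:01:05 host keepass2[4121]: auto-type target: Login - Mozilla Firefox
Feb 14 10:01:05 host keepass2[4121]: auto-type sequence: {USERNAME}{TAB}{PASSWORD}{ENTER}
Feb 14 10:01:06 host keepass2[4121]: entry 'bank' password=S3cr3t!pass
Feb 14 10:02:00 host sshd[900]: Accepted publickey for alice from 10.0.0.5
Feb 14 10:03:11 host keepass2[4121]: entry 'mail' Password: hunter2
"""

# Classic BSD syslog layout: timestamp, host, process[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s"
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)
# Credential keyword, separator, value. Requiring the ':' or '=' separator is
# what keeps placeholders like {PASSWORD} out: there '}' follows the keyword.
SECRET_RE = re.compile(r"\b(?:password|passwd|pwd)\b\s*[:=]\s*(?P<secret>\S+)", re.I)


@dataclass
class Finding:
    line_no: int
    timestamp: str
    process: str
    redacted_message: str  # the secret value is masked, never copied into the alert


def find_credential_leaks(log_text: str, source_prefix: str = "keepass") -> list[Finding]:
    """Return log lines from a KeePass-named process that carry a credential value."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = SYSLOG_RE.match(line)
        if not m or not m.group("proc").lower().startswith(source_prefix):
            continue  # unparseable line, or not the process we are hunting
        msg = m.group("msg")
        if SECRET_RE.search(msg):
            redacted = SECRET_RE.sub(lambda s: s.group(0).replace(s.group("secret"), "[REDACTED]"), msg)
            findings.append(Finding(line_no, m.group("ts"), m.group("proc"), redacted))
    return findings


if __name__ == "__main__":
    for f in find_credential_leaks(SAMPLE_LOG):
        print(f"line {f.line_no} {f.timestamp} {f.process}: {f.redacted_message}")
```

Point the script at a real syslog export to confirm whether any KeePass-sourced lines carry credential values; findings should be treated as confirmed exposure and the affected passwords rotated.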
