CVE-2023-25428
📋 TL;DR
This DLL hijacking vulnerability in Soft-o Free Password Manager allows attackers to place malicious DLL files in directories where the application searches for them, leading to arbitrary code execution when the application loads those DLLs. Attackers could gain the same privileges as the user running the vulnerable software. All users of Soft-o Free Password Manager version 1.1.20 are affected.
💻 Affected Systems
- Soft-o Free Password Manager
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the user, potentially leading to credential theft, data exfiltration, or lateral movement within the network.
Likely Case
Local privilege escalation or code execution in the context of the user running the password manager, allowing access to stored passwords and sensitive data.
If Mitigated
Limited impact if the application runs with minimal privileges and proper file system permissions prevent DLL placement.
🎯 Exploit Status
Exploitation requires local access to place malicious DLL files. Public proof-of-concept details available on Packet Storm Security.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.soft-o.com/products/free-password-manager.html
Restart Required: No
Instructions:
No official patch available. Check vendor website for updates. Consider alternative password managers if no fix is forthcoming.
🔧 Temporary Workarounds
Restrict DLL Search Path
Windows: Use Windows policies or application controls to restrict where the application can load DLLs from
Use Windows AppLocker or Software Restriction Policies to block DLL execution from untrusted locations
Run with Minimal Privileges
Windows: Run the password manager with limited user privileges to reduce impact
Runas /user:standarduser "C:\Program Files\Soft-o\Password Manager\passwordmanager.exe"
🧯 If You Can't Patch
- Uninstall Soft-o Free Password Manager and use alternative password management solutions
- Implement strict file system permissions to prevent DLL placement in application directories
🔍 How to Verify
Check if Vulnerable:
Check if Soft-o Free Password Manager version 1.1.20 is installed. Attempt to place a test DLL in the application directory and see if it loads.
Check Version:
Check application properties or About dialog in Soft-o Free Password Manager
Verify Fix Applied:
Verify that DLLs placed in application directories are not loaded by the application. Check for updated version from vendor.
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing DLL loading from unexpected locations
- Process Monitor logs showing DLL search order
Network Indicators:
- Unusual outbound connections from password manager process
SIEM Query:
Process Creation where Image contains 'passwordmanager.exe' AND Parent Process contains 'explorer.exe'
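The process-creation query above matches every normal launch and does not see module loads, so the log indicator "DLL loading from unexpected locations" needs image-load telemetry. The sketch below is an added example, not part of the original advisory or any vendor tooling: it triages Sysmon Event ID 7 (ImageLoad) records for passwordmanager.exe. It assumes events are already parsed into dicts with Sysmon's Image, ImageLoaded and Signed fields and that a clean-install DLL baseline exists; the DLL names and sample events are constructed placeholders.

```python
import ntpath

TARGET = "passwordmanager.exe"   # process image name taken from the advisory
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def norm(path):
    # Collapse "..", unify separators and case so prefix checks cannot be dodged.
    return ntpath.normcase(ntpath.normpath(path))

def under(path, root):
    return path.startswith(norm(root) + "\\")

def suspicious_loads(events, baseline):
    """Return [(ImageLoaded, reason)] for module loads by TARGET that need triage.
    events: Sysmon Event ID 7 records as dicts (assumed fields: Image, ImageLoaded, Signed).
    baseline: DLL paths recorded from a clean install (assumption)."""
    known = {norm(p) for p in baseline}
    findings = []
    for ev in events:
        image, loaded = norm(ev["Image"]), norm(ev["ImageLoaded"])
        if ntpath.basename(image) != TARGET or loaded == image:
            continue  # other process, or the executable's own image load
        raw = ev["ImageLoaded"]
        signed = ev.get("Signed", "false").lower() == "true"
        if any(under(loaded, d) for d in SYSTEM_DIRS):
            if not signed:
                findings.append((raw, "unsigned module in system directory"))
        elif under(loaded, ntpath.dirname(image)):
            if loaded not in known:
                findings.append((raw, "application-directory DLL not in baseline"))
        else:
            findings.append((raw, "loaded from outside application and system directories"))
    return findings

# Constructed sample events (not real telemetry); DLL names are placeholders.
APP = r"C:\Program Files\Soft-o\Password Manager"
EXE = APP + r"\passwordmanager.exe"
SAMPLE = [
    {"Image": EXE, "ImageLoaded": EXE, "Signed": "false"},
    {"Image": EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": EXE, "ImageLoaded": APP + r"\shipped_example.dll", "Signed": "false"},
    {"Image": EXE, "ImageLoaded": APP + r"\placeholder_planted.dll", "Signed": "false"},
    {"Image": EXE, "ImageLoaded": r"C:\Windows\System32\..\Temp\placeholder.dll", "Signed": "false"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\Public\other.dll", "Signed": "false"},
]
BASELINE = [APP + r"\shipped_example.dll"]

if __name__ == "__main__":
    for path, reason in suspicious_loads(SAMPLE, BASELINE):
        print(f"{reason}: {path}")
```

Paths are normalized before comparison, so a load written as `System32\..\Temp\...` is classified by where it actually resolves rather than by its prefix.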
🔗 References
- https://packetstormsecurity.com/files/172259/Soft-o-Free-Password-Manager-1.1.20-DLL-Hijacking.html
- https://www.soft-o.com/products/free-password-manager.html