CVE-2024-33900

6.5 MEDIUM

📋 TL;DR

CVE-2024-33900 allows an attacker with local system access to recover cleartext KeePassXC credentials via memory dumping techniques. This affects KeePassXC users on systems where an attacker gains local privileges. The vendor disputes that this is a vulnerability, stating that it is inherent to memory management constraints.

💻 Affected Systems

Products:
  • KeePassXC
Versions: 2.7.7 and potentially earlier versions
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. Requires attacker to have local system access and ability to dump process memory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all KeePassXC credentials stored in memory, leading to credential theft and potential lateral movement.

🟠 Likely Case

Local attacker with user privileges extracts some credentials from memory, potentially accessing sensitive accounts.

🟢 If Mitigated

Minimal impact if proper access controls prevent local privilege escalation and memory dumping tools are restricted.

🌐 Internet-Facing: LOW - This requires local system access, not remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this, but requires specific conditions and tools.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and memory dumping tools. Public PoC available in GitHub gist. Not remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None - vendor disputes this as a vulnerability

Vendor Advisory: https://keepassxc.org/blog/2019-02-21-memory-security/

Restart Required: No

Instructions:

No official patch. Vendor considers this inherent to memory management. Consider workarounds or alternative password managers.

🔧 Temporary Workarounds

  • Minimize KeePassXC runtime (platforms: all): Close KeePassXC when not actively using it to reduce the memory exposure window.
  • Use secure desktop / lock workstation (platforms: all): Always lock the workstation when stepping away to prevent local access.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local system access
  • Use endpoint protection to detect and prevent memory dumping tools

🔍 How to Verify

Check if Vulnerable:

Check the KeePassXC version. If it is 2.7.7 or earlier, the system is potentially vulnerable.

Check Version:

keepassxc --version (Linux/macOS) or check About in KeePassXC GUI (Windows)

Verify Fix Applied:

No official fix available. Consider migrating to alternative password manager with better memory protection.

📡 Detection & Monitoring

Log Indicators:

  • Process memory dumping tools execution
  • Unauthorized access to KeePassXC process memory

Network Indicators:

  • None - local attack only

SIEM Query:

Process creation where command_line contains 'procdump', 'mimikatz', or similar memory dumping tools
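The two log indicators above (execution of memory dumping tools, and another process opening KeePassXC's memory) can be turned into concrete detection logic. The following Python is an added example, not part of this CVE record or of KeePassXC; it assumes Sysmon-style events (Event ID 1 process creation with `CommandLine`, Event ID 10 process access with `SourceImage`, `TargetImage` and a hex `GrantedAccess` mask) and runs over a handful of constructed sample events. The tool name list is taken only from the page's own SIEM query ('procdump', 'mimikatz'); extend it for your environment.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Tool names from the page's SIEM query; the regexes also cover the 64-bit
# build name and an optional .exe suffix. Extending this list is an assumption
# left to the deploying team.
DUMP_TOOL_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bprocdump(64)?(\.exe)?\b", r"\bmimikatz(\.exe)?\b")
]

# Image name of the KeePassXC process (Windows uses KeePassXC.exe, Linux/macOS keepassxc).
KEEPASSXC_IMAGE = re.compile(r"keepassxc(\.exe)?$", re.IGNORECASE)

# Windows access right required to read another process's memory (0x0010).
PROCESS_VM_READ = 0x0010


@dataclass
class Alert:
    rule: str
    event_id: int
    detail: str


def _has_vm_read(granted_access: str) -> bool:
    """True if the Sysmon GrantedAccess hex mask includes PROCESS_VM_READ."""
    try:
        return bool(int(granted_access, 16) & PROCESS_VM_READ)
    except (TypeError, ValueError):
        return False  # malformed mask: treat as no match rather than crash


def evaluate(event: dict) -> Optional[Alert]:
    """Apply both page indicators to a single Sysmon-style event dict."""
    eid = event.get("EventID")
    if eid == 1:  # process creation: look for known dumping tools in the command line
        cmd = event.get("CommandLine", "")
        for pat in DUMP_TOOL_PATTERNS:
            if pat.search(cmd):
                return Alert("dump_tool_execution", eid, cmd)
    elif eid == 10:  # process access: someone opened KeePassXC with memory-read rights
        target = event.get("TargetImage", "")
        if KEEPASSXC_IMAGE.search(target) and _has_vm_read(event.get("GrantedAccess", "0x0")):
            src = event.get("SourceImage", "<unknown>")
            return Alert("keepassxc_memory_access", eid,
                         f"{src} -> {target} ({event.get('GrantedAccess')})")
    return None


def scan(events) -> list:
    """Return the alerts raised over a sequence of events, in input order."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample events (not real telemetry) covering both indicators
# plus two benign events that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Tools\procdump64.exe",
     "CommandLine": r"C:\Tools\procdump64.exe 4242 keepassxc.dmp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\dumper.exe",
     "TargetImage": r"C:\Program Files\KeePassXC\KeePassXC.exe",
     "GrantedAccess": "0x1010"},   # includes PROCESS_VM_READ
    {"EventID": 10, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Program Files\KeePassXC\KeePassXC.exe",
     "GrantedAccess": "0x1000"},   # query-only access, no memory read
    {"EventID": 1, "Image": r"C:\Temp\mimikatz.exe",
     "CommandLine": "mimikatz.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.rule}] EventID={alert.event_id}: {alert.detail}")
```

Matching on the `GrantedAccess` mask rather than on the source image name is what makes the second rule useful: a renamed or custom dumper still needs `PROCESS_VM_READ` on the KeePassXC process, so the access event fires regardless of what the tool is called. Expect benign hits from debuggers, AV engines and crash handlers; tune by allow-listing their signed image paths rather than widening the mask check.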
