KeePass Security Flaw Exposes Master Passwords in Cleartext
Originally Published 2 years ago — by PCWorld
A newly discovered vulnerability in KeePass password manager allows retrieval of the master password in plaintext, even when the database is locked or the program is closed. A fix is expected to arrive in early June, but even after upgrading to the fixed version of KeePass, the master password may still be viewable in the program’s memory files. Users can reduce their exposure by not letting untrusted individuals access their computer, using a good antivirus program, and changing their master password after upgrading. This appears to be only a proof-of-concept concern, rather than an active exploit.