{"uuid": "e60025fc-7ccf-4408-9c28-d726d927cfd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24055", "type": "exploited", "source": "https://t.me/DEVIL_La_RSx/204", "content": "\ud83d\ude08 [ Diego Capriotti  ]\n\nThis has been one of my favorites for a while, but now it's time to let it go.\nHere's my preferred way of getting the KeePass db that we often hunt for:\ndowngrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database. \nThe target can remain clean and you can simply check for the dump creation.\nKeePass version 2.53 can still open kdbx created with the version 2.57 and if using a proper xml the user will likely notice nothing. \nUpdate alerts can also be disabled within the xml.\n\n\ud83d\udd17 https://gist.github.com/naksyn/6d5660dacd0730498a274b85d62a77e8\n\n\ud83d\udc25 [  ]", "creation_timestamp": "2024-10-31T10:33:07.000000Z"}