Benjamin Kunz Mejri with Vulnerability Lab said he discovered the hole in a software filter and validation feature in KeePass, according to an email he sent to Kaspersky Lab’s Threatpost blog.
The hole could enable an attacker with access to a machine running the KeePass software to inject malicious script by passing the html/xml export feature in a specially crafted file.
To be successful, a hacker would need a manipulated URL with malicious script code; a logging server with read, write, and execute permissions; a listing file; and a valid KeePass v1.22 username.
Kunz Mejri explained that the vulnerability is remotely exploitable. "If I for example manipulate a login website with the malicious script code and you as keypass user save it via for example auto url type...then its [sic] definitely remote [sic] exploitable but requires low or medium user interaction", he wrote in the email.
KeePass creator Dominik Reichl told Threatpost: “The vulnerability is rather minor. An attacker would need to make a user import malicious data without noticing it, export the database to an HTML file, and open it." Reichl said a fix was ready and would be released with KeePass v1.23 in a few months.