CVE-2022-0725 in KeePassinfo

Summary

by MITRE • 03/10/2022

A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 09/04/2025

The vulnerability identified as CVE-2022-0725 represents a critical information exposure flaw within the KeePass password manager software. This security weakness stems from the application's improper handling of sensitive data during logging operations, creating an avenue for unauthorized access to confidential credentials. The flaw specifically manifests when KeePass writes plain text passwords to system logs, thereby compromising the very data that the application is designed to protect. This issue directly violates fundamental security principles by exposing sensitive authentication information through unintended channels that should remain secure and isolated from unauthorized access.

From a technical perspective, the vulnerability arises from inadequate input validation and output sanitization within KeePass's logging mechanisms. When the password manager processes user credentials, it fails to properly mask or encrypt sensitive data before writing it to system log files. This flaw creates a persistent exposure where plain text passwords become accessible through standard system logging infrastructure that may be monitored by various system processes, administrators, or malicious actors with appropriate privileges. The vulnerability's impact extends beyond simple logging since system logs are often retained for extended periods and may be accessed by multiple system components, creating a prolonged window of exposure for compromised credentials.

The operational impact of CVE-2022-0725 is substantial and multifaceted, particularly given KeePass's widespread adoption across both personal and enterprise environments. Organizations that rely on KeePass for credential management face significant risk of credential theft, as attackers with access to system logs can extract plain text passwords and use them for unauthorized system access, account takeovers, or lateral movement within networks. This vulnerability particularly affects environments where logging is enabled and maintained, as the exposure occurs regardless of user awareness or security practices. The flaw also creates challenges for compliance with security frameworks such as pci dss, iso 27001, and nist cybersecurity framework, which mandate protection of sensitive information and proper handling of authentication data.

This vulnerability aligns with CWE-209, which describes "Information Exposure Through an Error Message," and more specifically with CWE-312, "Cleartext Storage of Sensitive Information," as the flaw involves storing sensitive data in an unencrypted format within system logs. The issue also maps to ATT&CK technique T1070.004, "Indicator Removal on Host: File Deletion," since compromised logs containing plain text credentials may be accessed and potentially modified by attackers. Organizations should implement immediate mitigations including disabling unnecessary logging of sensitive data, implementing proper log access controls, and ensuring that system logs are properly secured and monitored for unauthorized access attempts. The vulnerability highlights the critical importance of proper data sanitization and secure logging practices within security applications, particularly those handling sensitive authentication information.

Reservation

02/22/2022

Disclosure

03/10/2022

Moderation

accepted

CPE

ready

EPSS

0.02413

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!