CVE-2023-36266

MEDIUM

Keeper Password Manager <17.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36266. PoCs published by H4rk3nz0.

AI-analyzed exploit summary This exploit dumps plaintext credentials from Keeper Security's desktop application memory by scanning committed memory pages for JSON strings containing credentials and master passwords. It targets a specific process and extracts sensitive data using regex patterns.

Description

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).

Exploits (1)

exploitdb WORKING POC

by H4rk3nz0 · localmultiple

https://www.exploit-db.com/exploits/51623

View Code ZIP pw:eip

This exploit dumps plaintext credentials from Keeper Security's desktop application memory by scanning committed memory pages for JSON strings containing credentials and master passwords. It targets a specific process and extracts sensitive data using regex patterns.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Keeper Security Desktop App 16.10.2 & Browser Extension 16.5.4

No auth needed

Prerequisites: Low-privilege access to the target system · Keeper Security desktop app running

MITRE ATT&CK

T1003 - OS Credential Dumping T1059.001 - PowerShell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory

https://harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping/

Various Sources

https://docs.keeper.io/en/enterprise-guide/keeper-forcefield

Various Sources

https://docs.keeper.io/en/release-notes/desktop/web-vault-+-desktop-app/vault-release-17.2

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/173809/Keeper-Security-Desktop-16.10.2-Browser-Extension-16.5.4-Password-Dumper.html

Scores

CVSS v3 5.5

EPSS 0.0084

EPSS Percentile 52.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (2)

keepersecurity/keeper 16.10.2

keepersecurity/keeperfill 16.5.4

Published Jul 12, 2023

Tracked Since Feb 18, 2026