KeePass Looter: KeeFarce

A tool that can extract passwords from the popular local password vault KeePass has been developed by Denis Andzakovic, a security researcher based in Auckland.

The punningly named KeeFarce dumps the passwords to a file once the user has unlocked their vault, allowing an attacker to steal them. This does not necessarily pose a threat to KeePass or other password managers as such, but it does give attackers an advantage.

Andzakovic published KeeFarce on GitHub and the Full Disclosure mailing list, where it was first noticed by Ars Technica.

“One of the main uses of the tool is for penetration testers,” Andzakovic says.

“If you imagine a pen tester compromised a domain and wants to compromise say non-domain infrastructure, and he knows the sysadmin runs KeePass, if he pops the box he can loot KeePass passwords.”

KeeFarce uses DLL injection into the running KeePass process to export its entries, including usernames and passwords, from an unlocked KeePass database into a cleartext CSV file.
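As an added defender-side illustration, not part of the original article or of KeeFarce itself, the following Python check runs over constructed Sysmon-style events: it flags remote thread creation into KeePass.exe (the footprint of the DLL injection described above) and raises the severity of a CSV write by a KeePass process that was previously injected into. The field names follow Sysmon event IDs 8 (CreateRemoteThread) and 11 (FileCreate); the event contents, paths and PIDs are made up.

```python
import json
from typing import Iterable, List, Tuple

# Constructed Sysmon-style events as JSON lines; not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Program Files\\KeePass\\KeePass.exe", "ProcessId": 4120}
{"EventID": 8, "SourceImage": "C:\\Users\\alice\\Downloads\\inject.exe", "TargetImage": "C:\\Program Files\\KeePass\\KeePass.exe", "TargetProcessId": 4120, "StartModule": "C:\\Users\\alice\\Downloads\\payload.dll"}
{"EventID": 11, "Image": "C:\\Program Files\\KeePass\\KeePass.exe", "ProcessId": 4120, "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\export.csv"}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 900}
{"EventID": 11, "Image": "C:\\Program Files\\KeePass\\KeePass.exe", "ProcessId": 5200, "TargetFilename": "C:\\Users\\bob\\Desktop\\backup.csv"}
{"EventID": 11, "Image": "C:\\Program Files\\KeePass\\KeePass.exe", "ProcessId": 4120, "TargetFilename": "C:\\Users\\alice\\Documents\\Database.kdbx"}
"""


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_keepass_injection(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings for KeePass-targeted injection.

    A remote thread created in KeePass.exe by another process is the primary
    signal. A CSV written by KeePass is only medium severity on its own, since
    KeePass has a legitimate CSV export, but becomes high when that KeePass
    process was injected into earlier in the stream.
    """
    findings: List[Tuple[str, str]] = []
    injected_pids = set()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        eid = ev.get("EventID")
        if eid == 8 and _basename(ev.get("TargetImage", "")) == "keepass.exe":
            src = _basename(ev.get("SourceImage", ""))
            if src == "keepass.exe":
                continue  # threads KeePass creates in itself are normal
            pid = ev.get("TargetProcessId")
            injected_pids.add(pid)
            findings.append(("high", f"remote thread in KeePass.exe pid {pid} "
                                     f"by {src} (start module {ev.get('StartModule')})"))
        elif eid == 11 and _basename(ev.get("Image", "")) == "keepass.exe":
            target = ev.get("TargetFilename", "")
            if not target.lower().endswith(".csv"):
                continue
            pid = ev.get("ProcessId")
            severity = "high" if pid in injected_pids else "medium"
            findings.append((severity, f"KeePass.exe pid {pid} wrote CSV {target}"))
    return findings


if __name__ == "__main__":
    for severity, reason in detect_keepass_injection(SAMPLE_EVENTS.splitlines()):
        print(f"[{severity}] {reason}")
```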

Andzakovic also noted that this points to a broader security risk for the user rather than a flaw in KeePass or other password vaults per se.

In its security statements, KeePass notes that the program protects against generic keyloggers and similar threats:


