
Password-hacker tool KeeFarce can lift passwords from KeePass

A new tool has been developed that can decrypt and extract passwords from the password manager KeePass, which highlights that no password manager can be perfect.

Using a password manager may be a convenient way to manage your online security, but it isn’t much use if your computer is already compromised.

The tool, KeeFarce, needs to run on a computer that a hacker or pentester already has access to or control of. When KeeFarce runs on this computer and the user has the KeePass database unlocked, the actor can decrypt the database and write the information onto a file that they can then access.

The key takeaway here is that the computer in question must already be compromised in order for KeeFarce to work. If the operating system has been compromised, it’s “game over,” said the creator of KeeFarce.

KeePass itself has warned users about potential attacks or spyware like this. It uses what is called process memory protection to encrypt the master passwords stored in the computer’s memory, which can help in preventing attacks such as these.

While this tool targets KeePass specifically, the approach is not unique to this password manager. Anyone with the know-how could potentially develop a similar tool that takes advantage of a compromised computer to extract a password manager’s data.

Password managers are very popular and useful, but they are, like any other program, never 100 percent secure, and if they ever do fail, it creates a gaping hole into all of your passwords.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…