Skip to main content

Password-hacker tool KeeFarce can lift passwords from KeePass

keefarce lift passwords from keepass tablet password logins
Image used with permission by copyright holder
A new tool has been developed that can decrypt and extract passwords from the password manager KeePass, which highlights how all password managers cannot be perfect.

Using a password manager may be a convenient way to manage your online security but they aren’t much use if your computer is already compromised.

The tool, KeeFarce, needs to run on a computer that a hacker or pentester already has access to or control of. When KeeFarce runs on this computer and the user has the KeePass database unlocked, the actor can decrypt the database and write the information onto a file that they can then access.

The key takeaway here is that the computer in question must already be compromised in order for KeePass to work. If the operating system has been compromised, it’s “game over,” said the creator of KeeFarce.

KeePass itself has warned users about potential attacks or spyware like this. It uses what is called process memory protection to encrypt the master passwords stored in the computer’s memory, which can help in preventing attacks such as these.

While this tool targets KeePass specifically, it is not unique to the password manager. Anyone with the know-how could potentially develop a similar tool that takes advantage of a compromised computer and as a result can extract a password manager’s data.

Password managers are very popular and useful but they are, like any other program, never 100 percent secure and if they ever do fail, it creates a gaping hole into all of your passwords.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Hackers dug deep in the massive LastPass security breach
The LastPass logo appears in front of a menacing hooded figure.

The cybersecurity breach that LastPass owner GoTo reported in November 2022 keeps getting worse as new details are revealed, calling into question the company's transparency on this serious issue.

It has been two months since GoTo shared the alarming news that hackers stole the usernames, passwords, email addresses, phone numbers, IP addresses, and even billing information of LastPass users. In GoTo's latest blog update, the company reported that several of its other products were compromised as well.

Read more
Using LastPass? You need to switch urgently, says security firm
A dark mystery hand typing on a laptop computer at night.

It’s a good idea to use one of the best password managers to keep your logins safe, but now a security company is warning that one of the most popular password managers in the world is not safe to use.

The extraordinary claim comes from Intego, a firm that specializes in Mac security. Intego made its assertion based on a series of security breaches LastPass has suffered in recent months, the way LastPass has responded to those incidents, and the underlying technology LastPass uses to protect customer accounts.

Read more
Hackers stole LastPass source code in data breach incident
lastpass on phone

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company's products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

Read more