Jump to content
×
×
  • Create New...

Researcher releases Free Hacking Tool that Can Steal all Your Secrets from Password Manager


Ken

Recommended Posts

  • Moon
Unless we are a human supercomputer, remembering a different password for every different site is not an easy task.
 
But to solve this problem, there is a growing market of password managers and lockers, which remembers your password for every single account and simultaneously provides an extra layer of protection by keeping them strong and encrypted.
 
However, it seems to be true only until a hacker released a hacking tool that can silently decrypt and extract all usernames, passwords, as well as notes stored by the popular password managerKeePass.
 
Dubbed KeeFarce, the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub for free download.
 
 
 
 
Hackers can execute KeeFarce on a computer when a user has logged into their KeePass vault, which makes them capable of decrypting the entire password archive and then dumping it to a file that attackers can steal remotely.
 

How Does KeeFarce Work?

 
KeeFarce obtains passwords by leveraging a technique called DLL (Dynamic Link Library) injection, which allows third-party apps to tamper with the processes of another app by injecting an external DLL code.
 
The injected code then calls an existing KeePass export method to export the contents of a currently open database, including user names, passwords, notes, and URLs to a clear-text CSV file.
 
The key takeaway here is:
 
KeyFarce is just a password extraction tool that could work perfectly like a password Stealer for remote hacking when combined with a computer malware.

If that happens, it is game over as you'll have much bigger things to worry about since most of your data is generally logged in already.
 
While KeeFarce is specifically designed to target KeePass password manager, it is possible that developers can create a similar tool that takes advantage of a compromised machine to target virtually every other password manager available today.
Edited by Ken

Do not be sorry, be better.

Link to comment
Share on other sites

  • 1 month later...
  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.