KeeFarce Hacking tool steals encrypted credentials from KeePass password manager

KeeFarce is a recently released hacking tool that swipes encrypted credentials from the KeePass password manager through DLL injection.

A password manager is considered one of the most secure ways to store strong passwords on a computer. Unfortunately, malware on the PC can expose passwords even when they are stored in a password manager.

A recently released hacking tool dubbed KeeFarce is able to silently decrypt all usernames, passwords, and notes stored by the popular KeePass password manager and write them to a file.

“Indeed, if the operating system is owned, then it’s game over,” Denis Andzakovic, a researcher at Security Assessment and the creator of KeeFarce, explained to Ars.

Hackers can execute the KeeFarce tool on a computer where a logged-in user has unlocked the KeePass database; under this condition, KeeFarce is able to decrypt the entire password archive.

“The point of KeeFarce is to actually obtain the contents of the password database. Say a penetration tester has achieved domain admin access to a network but also wants to obtain access to networking hardware, non-domain infrastructure, etcetera. The tester can compromise a sysadmin’s machine and use the tool to swipe the password details from the KeePass instance the sysadmin has open,” added Andzakovic.

KeeFarce is able to bypass the process memory protection implemented by the KeePass password manager; it extracts the passwords from the database by injecting a dynamic link library (DLL). The injected DLL invokes an existing function in KeePass that exports the contents of a currently open database to an external file in CSV format. The extracted data is in clear text and includes user names, passwords, notes, and URLs.

DLL injection is a common technique that allows programs to interoperate, but it can be abused to insert malicious code into the context of a running application.
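
The technique described above leaves two observable side effects: another program creating a thread inside the KeePass process, and KeePass writing a CSV file. The following Python detection logic is an added example, not part of the original article or of KeeFarce; it assumes Sysmon-style telemetry (event ID 8 for CreateRemoteThread, event ID 11 for FileCreate), and the sample events, paths and five-minute correlation window are constructed for illustration.

```python
from datetime import datetime, timedelta

TARGET = "keepass.exe"            # process named in the article
WINDOW = timedelta(minutes=5)     # assumed correlation window
KP = r"C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"

# Constructed events using Sysmon field names (EventID 8 = CreateRemoteThread,
# EventID 11 = FileCreate). Paths and times are made up for illustration.
EVENTS = [
    {"EventID": 8, "UtcTime": "2015-11-05 10:01:12",
     "SourceImage": r"C:\Users\admin\Downloads\helper.exe", "TargetImage": KP},
    {"EventID": 11, "UtcTime": "2015-11-05 10:01:14",
     "Image": KP, "TargetFilename": r"C:\Users\admin\Documents\out.csv"},
    {"EventID": 8, "UtcTime": "2015-11-05 10:02:00",
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 11, "UtcTime": "2015-11-05 14:30:00",
     "Image": KP, "TargetFilename": r"C:\Users\admin\Documents\Database.kdbx"},
]

def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def when(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")

def detect(events):
    """Flag remote threads created in KeePass and CSV files written by KeePass;
    a CSV write within WINDOW of an injection gets the stronger alert name."""
    alerts, last_injection = [], None
    for ev in sorted(events, key=when):
        if ev["EventID"] == 8 and image_name(ev["TargetImage"]) == TARGET:
            last_injection = when(ev)
            alerts.append(("remote-thread-into-keepass", ev["SourceImage"]))
        elif (ev["EventID"] == 11 and image_name(ev["Image"]) == TARGET
              and ev["TargetFilename"].lower().endswith(".csv")):
            linked = (last_injection is not None
                      and when(ev) - last_injection <= WINDOW)
            name = "csv-export-after-injection" if linked else "csv-written-by-keepass"
            alerts.append((name, ev["TargetFilename"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Security products and accessibility tools can also create remote threads, so the first alert alone is a lead to triage; the correlated CSV write is the stronger signal.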

KeeFarce works against KeePass 2.28, 2.29 and 2.30 running on Windows 8.1 (32 and 64 bit); it should also work on older Windows machines.

Tools like KeeFarce remind us that password managers can represent a single point of failure that hackers could exploit with severe repercussions.

Similar tools could also be used to hack other commercial password managers.

Pierluigi Paganini

(Security Affairs – KeeFarce, Password Manager)