KeeFarce fools KeyPass password manager into exporting its internal passwords database to CSV file

Denis Andzakovic, a security researcher for Security Assessment has released a tool that fools KeyPass password manager into exporting its internal passwords database to CSV file, using DLL injection. KeeFarce is also described as an in-memory looter for KeePass 2.x databases. See tool in GitHub.

keefarce keepass

KeeFarce leverages DLL injection to export the information (including usernames and passwords) of a running and unlocked KeePass Database into a cleartext CSV file. Source code and prebuilt executables.

As Andzakovic told ArsTechnica in an interview, KeePass provides process memory protection that encrypts master password keys and other sensitive data when stored in computer memory. That system goes a long way to preventing malicious apps from scraping random access memory and retrieving the credentials. KeeFarce obtains passwords using a different technique, known as DLL injection. The injected dynamic link library code calls an existing KeePass export method to copy the contents of a currently open database to a CSV file. The resulting file contains user names, passwords, notes, and URLs all in cleartext.

 
comments powered by Disqus