Keepass Password Storage--Hacked! #keefarce #encryption #privacy
Oh no! My favorite passwork keeper is now vulnerable! I should have known it couldn't last:
If you are a KeePass user like me, then beware. denandz just posted a tool in github that can break your KeePass password safe. . .this tool is named KeeFarce. It allows extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData%
Tools like KeeFarce reminds us that password managers could represent a single point of failure that could be exploited with severe repercussion by hackers.Fortunately, this appears to only affect Windows users, not GNU/Linux or Mac users. Thank goodness. In the meantime, you may want to encrypt your Keepass password file with something like Secure Space Encryptor (SSE), AEScrypt, or MiniLock for added protection.
- Mac/Windows/Linux computer?
- Chromebook or use Google Chrome?
- Try Minilock for individual file encryption
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure