security-txt
keepass-password-dumper
| | security-txt | keepass-password-dumper |
|---|---|---|
| Mentions | 9 | 15 |
| Stars | 1,738 | 619 |
| Growth | 0.0% | - |
| Activity | 10.0 | 6.1 |
| Last commit | over 1 year ago | 9 months ago |
| Language | HTML | C# |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security-txt
- Ask HN: I found a security issue on a (known) website, should I report it? How?
- Why should you care about the "security.txt" file on your website?
  A very, very long article to say "you should have a security.txt file, find an example at https://securitytxt.org/".
- Ask HN: How to Submit Bugs to Shopify?
  https://www.shopify.com/.well-known/security.txt (https://securitytxt.org/ standard)
- Security.txt now mandatory for Dutch government websites
- Security.txt file now mandatory for Dutch government websites
  You are looking in the wrong place. https://securitytxt.org/ proposes to create a text file called security.txt under the .well-known directory of your project.
  So, the URL becomes:
- I have gained access to numerous GCloud Organizations by accident
- I reported an IT security issue to Ecoflow and have been incredibly frustrated with the process
  This is great. Would you please also implement RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116 or https://securitytxt.org) and give every security researcher the chance to get in contact with you.
- [ENG] KeePass 2.X Master Password Dumper (CVE-2023-32784)
- We should start to add “ai.txt” as we do for “robots.txt”
  security.txt https://github.com/securitytxt/security-txt :
  > security.txt provides a way for websites to define security policies. The security.txt file sets clear guidelines for security researchers on how to report security issues. security.txt is the equivalent of robots.txt, but for security issues.
  Carbon.txt:
  > A proposed convention for website owners and digital service providers to demonstrate that their digital infrastructure runs on green electricity.
  "Work out how to make it discoverable - well-known, TXT records or root domains" https://github.com/thegreenwebfoundation/carbon.txt/issues/3... re: JSON-LD instead of txt, signed records with W3C Verifiable Credentials (and blockcerts/cert-verifier-js)
keepass-password-dumper
- HackTheBox - Writeup Keeper [Retired]
- KeePass Memory Leakage Vulnerability Analysis - CVE-2023-32784
- /keepass-password-dumper: Original PoC for CVE-2023-32784
- KeePass 2.X Master Password Dumper (CVE-2023-32784)
- KeePass 2.X Master Password Dumper
- KeePass exploit helps retrieve cleartext master password
  The POC[0] doesn't quite match the CVE description (a rare case of the CVE sounding better), but it looks like KeePass basically is acting as a keylogger due to use of a UI control where every character typed is stored in memory. Your KeePass master password is likely already in your swap/hibernation files.
  The master password can be recovered even after KeePass was running.
  "No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from - can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it's been since then."
  [0]: https://github.com/vdohney/keepass-password-dumper
- Keepass 0day poc released on the public. Fullname: “Keepass-password-dumper” bot
- GitHub - vdohney/keepass-password-dumper
What are some alternatives?
carbon.txt - A proposed convention for making it possible to demonstrate that your infrastructure uses green power
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
bugbounty-resources
well-known-uris - Registry for Well Known URIs
datatxt-spec - data.txt: Specification
opengraph - A python module to parse the Open Graph Protocol
web-security-map
joystick - A full-stack JavaScript framework for building stable, easy-to-maintain apps and websites.