Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Keepass-password-dumper Alternatives
Similar projects and alternatives to keepass-password-dumper
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
keepass-password-dumper reviews and mentions
- HackTheBox - Writeup Keeper [Retired]
- KeePass Memory Leakage Vulnerability Analysis - CVE-2023-32784
- /keepass-password-dumper: Original PoC for CVE-2023-32784
- KeePass 2.X Master Password Dumper (CVE-2023-32784)
- KeePass 2.X Master Password Dumper
-
KeePass exploit helps retrieve cleartext master password
The POC[0] doesn't quite match the CVE description (a rare case of the CVE sounding better), but it looks like KeePass basically is acting as a keylogger due to use of a UI control where every character typed is stored in memory. Your KeePass master password is likely already in your swap/hibernation files.
The master password can be recovered even after KeePass was running.
"No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from - can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it's been since then."
[0]: https://github.com/vdohney/keepass-password-dumper
- Keepass 0day poc released on the public. Fullname: “Keepass-password-dumper” bot
- GitHub - vdohney/keepass-password-dumper
-
A note from our sponsor - InfluxDB
www.influxdata.com | 5 May 2024
Stats
vdohney/keepass-password-dumper is an open source project licensed under MIT License which is an OSI approved license.
The primary programming language of keepass-password-dumper is C#.
Popular Comparisons
Sponsored