Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass.
The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal.
It is no death knell for KeePass or other password managers, but is an extra bow in the quiver of attackers capable of compromising a target's machine.
For the users of KeePass here. I doubt you'll get affected by that in the near future, but I could see it being integrated in a malware and spread around.
More complete article on ArsTechnica: http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/
Edited by Aura, 03 November 2015 - 01:40 PM.