Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Password manager vulnerability?


  • Please log in to reply
No replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 PM

Posted 03 April 2017 - 07:52 PM

See the article at

https://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/

 

Fascinating discussion about the malware Keefarce that targets KeePass password manager. Keefarce uses DLL injection to "... call an existing KeePass export method to copy the contents of a currently open database to a CSV file. The resulting file contains user names, passwords, notes, and URLs all in clear text." The bottom line is that if one's computer is compromised, all bets are off as to whether the password manager one is using is secure. (True??) Note that malware similar to Keefarce could probably be written for other password managers. So KeePass is not alone with this vulnerability?

 

Big question:  Should we be concerned with this vulnerability?

 

Another question:  I currently store my passwords on paper. My laptop never leaves my home so I consider this reasonably secure. Any reason I should use a password manager?



BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users