KeePass Master Password Dumper (for Windows only)

For discussions about security.
Post Reply
User avatar
pp4mnklinux
Posts: 1137
Joined: Wed Aug 19, 2020 5:43 pm
Location: Edinburgh
Has thanked: 637 times
Been thanked: 283 times
Contact:

KeePass Master Password Dumper (for Windows only)

Post by pp4mnklinux »

KEEPASS, LASTPASS.... PASS WORD ¿?¿?¿?

They can break it.

https://github.com/vdohney/keepass-password-dumper

KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from - can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system. It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it's been since then.

User avatar
Jasper
Posts: 2067
Joined: Wed Sep 07, 2022 1:20 pm
Has thanked: 854 times
Been thanked: 480 times

Re: KeePass Master Password Dumper

Post by Jasper »

........this applies to Windows.

This is a Linux forum.

AFAIK the issue can be resolved with the next update.

User avatar
pp4mnklinux
Posts: 1137
Joined: Wed Aug 19, 2020 5:43 pm
Location: Edinburgh
Has thanked: 637 times
Been thanked: 283 times
Contact:

Re: KeePass Master Password Dumper

Post by pp4mnklinux »

OOps, excuse my enormous error, I thought it could be useful for linux users, because I thought (wrong) keepass could be used in LINUX TOO.

https://www.youtube.com/watch?v=TIHf-X5rDU4

Excuse me again, and delete this post if you consider it incorrect.

Thanks a lot.

Jasper wrote: Thu May 18, 2023 6:04 pm

........this applies to Windows.

This is a Linux forum.

AFAIK the issue can be resolved with the next update.

User avatar
Jasper
Posts: 2067
Joined: Wed Sep 07, 2022 1:20 pm
Has thanked: 854 times
Been thanked: 480 times

Re: KeePass Master Password Dumper

Post by Jasper »

This refers to a vulnerability in .Net (Windows).

User avatar
MochiMoppel
Posts: 1237
Joined: Mon Jun 15, 2020 6:25 am
Location: Japan
Has thanked: 21 times
Been thanked: 439 times

Re: KeePass Master Password Dumper

Post by MochiMoppel »

pp4mnklinux wrote: Thu May 18, 2023 6:44 pm

I thought (wrong) keepass could be used in LINUX TOO.

KeyPass appimage for Linux: https://keepassxc.org/download/#linux

User avatar
pp4mnklinux
Posts: 1137
Joined: Wed Aug 19, 2020 5:43 pm
Location: Edinburgh
Has thanked: 637 times
Been thanked: 283 times
Contact:

Re: KeePass Master Password Dumper (for Windows only)

Post by pp4mnklinux »

Translate please

https://blog.elhacker.net/2023/05/vulne ... o-ram.html

It doesn't look Windows only but if I am wrong excuse my error and ignorance.

Cheers.

sfein1000
Posts: 96
Joined: Fri Mar 25, 2022 1:38 am
Been thanked: 4 times

Re: KeePass Master Password Dumper (for Windows only)

Post by sfein1000 »

According to makwarebytes
https://www.malwarebytes.com/blog/news/ ... ssword/amp

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation

It us saying the mast password is stored in memory and the app mentioned will read this info. The memory may get stored on the hard drive (page file or dump) and so can be accessed even after reboot.

Some other reading stated keepass uses its own text entry control in .net and is the cause. Supposedly fixed in v2.54 which is not out yet.

Malwarebytes downplays the risk since someone getting a memory dump from your computer would be noticeable but does state if you are concerned of someone getting your computer and doing this, they offer some suggestions.

As for keepassxc, that is a totally different application which reads and writes keepass database files. But it uses a different set of source code and they state are not at risk.

Sounds like risk is if you've used keepass. Switching to keepassxc won't help unless you change your master password.

Since keepass is windows only, this sounds like a windows exploit unless this can be mimicked in wine.

Post Reply

Return to “Security”