Using a password manager is one of the biggest ways that average
computer users can keep their online accounts secure, but their
protection is pretty much meaningless when an end user’s computer is
compromised. Underscoring this often ignored truism is a recently
released hacking tool that silently decrypts all user names,
passwords, and notes stored by the KeePass password manager and
writes them to a file.
KeeFarce, as the tool has been dubbed, targets KeePass, but there’s
little stopping developers from designing similar apps that target
virtually every other password manager available today. Hackers and
professional penetration testers can run it on computers that they
have already taken control of. When it runs on a computer where a
logged in user has the KeePass database unlocked, KeeFarce decrypts
the entire database and writes it to a file that the hacker can
easily access.
Read the full article here. Hacking Tool Swipes Encrypted Data
