The password manager KeePass is currently the subject of a debate concerning whether or not a particular design decision should be considered a security vulnerability. At the center of this debate is KeePass’ support of triggers, one of which exports users’ password databases. Threat actors could potentially leverage this trigger to export and access users’ passwords. However, the KeePass developers argue that the possibility for such an attack should not be considered a vulnerability because a threat actor with write access to a computer could steal the user’s passwords in other ways. The recent set of attacks on LastPass that ultimately resulted in the theft of users’ encrypted password vaults has sparked increased scrutiny of password managers in general. KeePass, which stores encrypted passwords locally on users’ machines, doesn’t have the same potential downfalls as cloud-based password managers.

Large databases of encrypted passwords stored on remote servers can make for attractive targets. While these databases may be encrypted, encryption is crackable given enough time and computing power. As the LastPass data breach has shown, threat actors will put in the work necessary to steal these databases, even if it takes multiple attacks to do so and the stolen data is encrypted. Given this threat, storing your own password database locally may be an attractive option. However, simply storing your passwords in a plaintext file or spreadsheet isn’t a great idea. Threat actors also target individual users’ computers with malware that can steal important files. Many threat actors distribute stealer malware specifically designed to exfiltrate login credentials, authentication tokens, and other sensitive information. Therefore, it’s good practice for users storing their passwords locally to do so in an encrypted format with tight security controls in order to protect against certain forms of attacks. KeePass is one solution for implementing local password database protections combined with standard password management tools.

That said, a recently published proof-of-concept (PoC) exploit demonstrates that malware can inject KeePass’ export trigger into the program’s XML configuration file, forcing the application to silently export a user’s encrypted passwords into an unencrypted file the next time the user unlocks the password database. By default, KeePass doesn’t display a confirmation prompt requiring re-entry of a user’s master password when exporting the user’s password database. The malware could then exfiltrate this plaintext file to a command-and-control (C2) server, delivering the user’s passwords to a threat actor. That said, as shown in the screenshot above, it is possible to enable such confirmation prompts by disabling the “Export - No Key Repeat” setting.
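Because the PoC works by writing a trigger definition into KeePass’ XML configuration file, the defensive counterpart is to audit that file: flag any trigger that is not on an allowlist and check whether the export policy still lets a database be exported without the master key being re-entered. The script below is an added example written for this page; it is not code from the original post or from the KeePass project. It assumes the configuration layout `Application/TriggerSystem/Triggers/Trigger` and `Security/Policy/ExportNoKey`, which is how KeePass 2.x serializes these settings to the best of this editor's knowledge; the two sample configurations and the trigger GUID are constructed placeholders.

```python
"""Audit a KeePass.config.xml for unexpected triggers and the export policy.

Hypothetical helper written for this page, not KeePass code. Assumed layout:
  <Configuration><Application><TriggerSystem><Triggers><Trigger>...</Trigger>
  <Configuration><Security><Policy><ExportNoKey>true|false</ExportNoKey>
A missing ExportNoKey element is treated as the KeePass default described in
the article: export proceeds without asking for the master key again.
"""
from __future__ import annotations

import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field


@dataclass
class AuditResult:
    trigger_names: list[str] = field(default_factory=list)
    export_no_key: bool | None = None   # None = element absent (default applies)
    findings: list[str] = field(default_factory=list)


def fingerprint(xml_text: str) -> str:
    """SHA-256 of the config text, for a baseline that a monitor can compare against."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def audit_keepass_config(xml_text: str, allowed_triggers: frozenset[str] = frozenset()) -> AuditResult:
    """Return every trigger name found plus findings for anything outside the allowlist."""
    root = ET.fromstring(xml_text)
    result = AuditResult()

    # Any trigger the administrator did not explicitly allow is reported.
    for trig in root.iterfind("./Application/TriggerSystem/Triggers/Trigger"):
        name = (trig.findtext("Name") or "").strip()
        result.trigger_names.append(name)
        if name not in allowed_triggers:
            result.findings.append(f"unexpected trigger defined: {name!r}")

    # Policy check: is an export allowed without re-entering the master key?
    policy = root.findtext("./Security/Policy/ExportNoKey")
    if policy is None:
        result.findings.append("ExportNoKey not set; default allows export without master key re-entry")
    else:
        result.export_no_key = policy.strip().lower() == "true"
        if result.export_no_key:
            result.findings.append("ExportNoKey is true: exports will not prompt for the master key")
    return result


# Constructed sample: hardened config, no triggers, key re-entry required on export.
BENIGN_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers />
    </TriggerSystem>
  </Application>
  <Security>
    <Policy>
      <ExportNoKey>false</ExportNoKey>
    </Policy>
  </Security>
</Configuration>"""

# Constructed sample: a trigger has appeared and the policy element is absent.
# The GUID is a placeholder, not a real KeePass identifier.
TAMPERED_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger>
          <Guid>PLACEHOLDER-TRIGGER-GUID</Guid>
          <Name>Sync</Name>
          <Enabled>true</Enabled>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""


if __name__ == "__main__":
    baseline = fingerprint(BENIGN_CONFIG)
    for label, cfg in (("benign", BENIGN_CONFIG), ("tampered", TAMPERED_CONFIG)):
        res = audit_keepass_config(cfg)
        changed = fingerprint(cfg) != baseline
        print(f"[{label}] changed_since_baseline={changed} triggers={res.trigger_names}")
        for f in res.findings:
            print(f"  - {f}")
```

In practice the fingerprint would be stored after the administrator last reviewed the file and compared on every database open, and the allowlist would hold the names of triggers the organization deploys deliberately. KeePass also supports an enforced configuration file that overrides per-user settings, which is the natural place to pin the export policy so a local edit cannot relax it.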