KeePass hacked...on Windows

[Valtam]

Thought your favorite password manager was safe to use on Windows? Think again.

https://thehackernews.com/2015/11/passwo...acked.html

[Zead]

The way I understand this, the attack works only when the database is open or something, right?

From the KeePass developer:

"KeeFarce is not a threat (and the developer of it apparently knows that, as he nowhere declares it as threat or attack).

This tool extracts information of a running KeePass process (with an open database) using a rather complicated method (using DLL injection). There are much simpler ways to achieve that. For example, a tool could send simulated keypresses to the KeePass window to export the data to a file (e.g. press Alt+F, E, Tab, Space, ...). Before that, a screenshot could be created and displayed above all windows in order to hide this procedure (and a user probably would not notice a screen freeze of one second).

Like others wrote before, the actual problem is running specialized malware. If you're doing this, everything's over; software cannot protect itself in such a case. I wrote about this before:
http://keepass.info/help/base/security.h...pecattacks"

So... nothing new. Or does the attacker need only the database file?
Your passwords cannot be safe if you catch some kind of malware, KeeFarce or not.

You could simply catch a keylogger and get your passwords compromised.

[MarkZ]

From my understanding, the KeePass program must be open and logged into your keepass db (i.e. db must be decrypted)..then you are at risk.

[Valtam]

@MarkZ correct. And you only need port 22 open on a server to be open to a ssh attack. Point is, a vulnerability is still an attack vector. Close all the doors, stop the attack.