๐ฆ Volatility3 Windows Plugin - KeePass
ยท 5 min read
On May 1st, 2023, vdhoney1 raised concerns about a flaw he found impacting KeePass 2.X.2. Vdhoney claimed to be able to reconstruct the master password from memory. A POC 3 was later released by the researcher not only in dotnet but also in python34.
Today in this blog post we will describe the vulnerability and see how we can create a volatility3 plugin to help forensics investigators to retrieve passwords from memory.