Skip to main content

One post tagged with "KeePass"

View All Tags

๐Ÿ“ฆ Volatility3 Windows Plugin - KeePass

ยท 5 min read
k1nd0ne
k1nd0ne
Digital Forensics Spiderman

On May 1st, 2023, vdhoney1 raised concerns about a flaw he found impacting KeePass 2.X.2. Vdhoney claimed to be able to reconstruct the master password from memory. A POC 3 was later released by the researcher not only in dotnet but also in python34.

Today in this blog post we will describe the vulnerability and see how we can create a volatility3 plugin to help forensics investigators to retrieve passwords from memory.

Footnotesโ€‹

  1. https://sourceforge.net/u/v2023/profile/ โ†ฉ

  2. https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/ โ†ฉ

  3. https://github.com/vdohney/keepass-password-dumper โ†ฉ

  4. https://github.com/CMEPW/keepass-dump-masterkey โ†ฉ