The way I understand this, the attack works only when the database is open or something, right?
From the KeePass developer:
"KeeFarce is not a threat (and the developer of it apparently knows that, as he nowhere declares it as threat or attack).
This tool extracts information of a running KeePass process (with an open database) using a rather complicated method (using DLL injection). There are much simpler ways to achieve that. For example, a tool could send simulated keypresses to the KeePass window to export the data to a file (e.g. press Alt+F, E, Tab, Space, ...). Before that, a screenshot could be created and displayed above all windows in order to hide this procedure (and a user probably would not notice a screen freeze of one second).
Like others wrote before, the actual problem is running specialized malware. If you're doing this, everything's over; software cannot protect itself in such a case. I wrote about this before:
http://keepass.info/help/base/security.h...pecattacks"
So... nothing new. Or does the attacker need only the database file?
Your passwords cannot be safe if you catch some kind of malware, KeeFarce or not.
You could simply catch a keylogger and get your passwords compromised.
![[Image: X5qGkCg.png]](https://imgur.com/X5qGkCg.png)
![[Image: 0op1GNe.png]](https://i.imgur.com/0op1GNe.png)
![[Image: LgJ2mtP.png]](https://i.imgur.com/LgJ2mtP.png)
![[Image: vLZcFUE.png]](https://imgur.com/vLZcFUE.png)
![[Image: lrUHro3.jpg]](https://i.imgur.com/lrUHro3.jpg)
