Hacking macOS: How to Dump 1Password & KeePassX Passwords in Plaintext

KeePassX and 1Password are effective against keyloggers and database breaches, but passwords managers rely on the operating system's clipboard to securely move credentials from the password vault to the web browser. It's within these few seconds that an attacker can dump the clipboard contents and exfiltrate passwords. Two scenarios come to mind with a clipboard-dumping attack geared toward password managers, and both utilize the pbpaste command found in all versions of macOS. Pbpaste will take any data found in the clipboard (including passwords) and write it to the standard output. Any... more