Leaky Windows 10 password manager allows hackers to steal your data
18 December, 2017
This post was originally published on this site

A noted Google developer has discovered a troubling flaw in a popular password manager that Windows 10 installs by default. Hackers could get their hands on user passwords via clickjacking and/or malicious code-injection techniques.

Google Project Zero researcher Tavis Ormandy made the discovery while playing around with a Windows 10 virtual machine.

He offers a description of the vulnerability on chromium.org, the forum dedicated to the open-source projects behind the Chrome browser and Chrome OS.

“I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages,” writes Ormandy. “I checked and, they’re doing the same thing again with this version. … this is a complete compromise of Keeper security, allowing any website to steal any password.”

He offers a proof-of-concept to show how an attacker could leverage the flaw to steal someone’s Twitter password.

When the people behind Keeper caught wind of the news, they acknowledged the bug and rushed to fix it.

“To resolve this issue, we removed the ‘Add to Existing’ flow and have taken additional steps to prevent this potential vulnerability in the future,” the Keeper team writes on the company blog.

“Even though no customers were adversely affected by this potential vulnerability, we take all reported security issues, vulnerabilities and bug reports seriously,” the team says. “The security and protection of customer information and data is our top priority at Keeper. From the time we were notified of this issue, we resolved it and issued an automatic extension update to our customers within 24 hours.”

So far, there have been no reports of any customers affected by the bug. The company's mobile and desktop apps remain unaffected; only the browser extensions seem to be vulnerable.

Since the bug’s disclosure, the Keeper extensions for Edge,
