Windows 10 News and info | Forum
July 20, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Google finds a vulnerability in Windows 10’s Password Manager  (Read 354 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 30238

I Do Windows

WWW Email
« on: December 17, 2017, 04:37:10 AM »

Google’s Security Researcher Tavis Ormandy has discovered a bug in Windows 10’s Password Manager which allows attackers to steal passwords. The flaw is with third-party Keeper password manager app which comes installed Windows 10 devices. Tavis says that the flaw is similar to the one he discovered back in 2016.

I remember filing a bug a while ago about how they were injecting privileged UI into pages. “I checked and, they’re doing the same thing again with this version.

– Tavis Ormandy

Tavis demonstrated the attack and shared the details as a part of Project Zero. The bug is subjected to a 90-day disclosure deadline which means that once 90 days are up, Tavis is free to share the details about the bug and how to exploit it publically.

This might sound scary but Keeper has already flagged the issue and as of yesterday, a new update has been pushed to fix the issue. The company addressed it in a blog post:

All customers running Keeper’s browser extension on Edge, Chrome and Firefox have already received Version 11.4.4 through their respective web browser extension update process. Customers using the Safari extension can manually update to version 11.4.4 by visiting Keeper’s download page. No reports of any customers affected by this bug have been reported to Keeper. Mobile Apps and Desktop Apps were not affected and do not require updates.

Let's hope the new update fixes the issue and as an advisory, we recommend you have all the apps up-to-date to prevent any attacks. You can download the extension for Edge from the Microsoft Store.

« Last Edit: December 17, 2017, 05:09:41 AM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page June 29, 2019, 05:44:21 PM