If You Use A Password Manager, It May Have Severe Vulnerabilities That Could Lead To Password Theft

There’s a report on ZDNet that flags the fact that several popular password managers apparently have flaws in them that can lead to password theft:

Independent Security Evaluators (ISE) published an assessment on Tuesday with the results of testing with several popular password managers, including LastPass and KeePass. The team said that each password management solution “failed to provide the security to safeguard a user’s passwords as advertised” and “fundamental flaws” were found that “exposed the data they are designed to protect.”

The vulnerabilities were found in software operating on Windows 10 systems. In one example, the master password which users need to use to access their cache of credentials was stored in PC RAM in a plaintext, readable format. ISE was able to extract these passwords and other login credentials from memory while the password manager in question was locked. It may be possible that malicious programs downloaded to the same machine by threat actors could do the same.

This report only covers a handful of password managers. So if you use a password manager that is not listed here, you might want to reach out to the company that makes it to see where they stand on this issue. However, you should also consider the following. To exploit what’s written in this report, you have to have hardware-level access to a PC to the point where you can read RAM in order to get someone’s master password from their password manager. Or put another way, you would have to have physical control of the computer in question. That’s way too much effort. It would be much more efficient to install a keylogger and capture everything. But maybe I’m looking at this wrong?
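As an added illustration of the failure mode the quoted report describes (this is not code from the ISE assessment or from any of the named products), here is a toy vault in C with a "lock" that leaves the master password readable in its buffer beside one that scrubs it before flipping the locked flag. The `vault_t` type, the function names and the sample password are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a minimal in-memory vault. Real products also have to
 * worry about copies made by UI toolkits, swap (mlock) and crash dumps; this
 * only shows the core point: lock must erase key material, not just a flag. */
#define MAX_PW 64

typedef struct {
    char master[MAX_PW];  /* master password / derived key material */
    size_t master_len;
    int unlocked;
} vault_t;

/* Zero through a volatile pointer so the compiler cannot drop the stores as
 * dead writes, which it may do with a plain memset() on a buffer never read
 * again. Platform calls such as explicit_bzero() serve the same purpose. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

int vault_unlock(vault_t *v, const char *pw) {
    size_t n = strlen(pw);
    if (n == 0 || n >= MAX_PW) return -1;  /* reject empty or oversized input */
    memcpy(v->master, pw, n);
    v->master_len = n;
    v->unlocked = 1;
    return 0;
}

/* Weak variant: marks the vault locked but leaves the bytes behind in RAM. */
void vault_lock_leaky(vault_t *v) { v->unlocked = 0; }

/* Hardened variant: scrub the key material, then mark locked. */
void vault_lock_secure(vault_t *v) {
    secure_wipe(v->master, sizeof v->master);
    v->master_len = 0;
    v->unlocked = 0;
}

/* Returns 1 if the master password is still readable from the vault buffer. */
int master_readable(const vault_t *v, const char *pw) {
    size_t n = strlen(pw);
    return n < MAX_PW && memcmp(v->master, pw, n) == 0;
}

int main(void) {
    vault_t v = {0};
    const char *pw = "correct horse battery staple";  /* constructed sample */
    vault_unlock(&v, pw);
    vault_lock_leaky(&v);
    printf("leaky lock, master still readable: %d\n", master_readable(&v, pw));
    vault_unlock(&v, pw);
    vault_lock_secure(&v);
    printf("secure lock, master still readable: %d\n", master_readable(&v, pw));
    return 0;
}
```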

