Find a Question:
Researchers found vulnerabilities in password managers
Researchers at the Berkeley University vulnerabilities have been found in several password managers, including the popular LastPass. In the case of the LastPass bookmarklet was vulnerable; malicious websites could decrypt all passwords.
Password The researchers made their findings only now been published , even if it’s vulnerabilities that have been discovered in the summer of last year and for the most part at that time already been resolved. The researchers took five password managers under the microscope, including LastPass, but also Myllogin and RoboForm.
It is notable that one of the managers surveyed password, NeedMyPassword has never responded to the findings of the researchers and therefore still vulnerable. The other companies responded to emails within a week of the researchers and most security issues been resolved.
In the case of the LastPass bookmarklet could easily be abused by the website where a user used the bookmarklet. The website can be the keys used to protect passwords, read and then read the entire password database from the user. RoboForm and MyLlogin had similar vulnerabilities.
Almost all password managers were vulnerable to abuse from their websites, such as cross-site request forgery. It is from another website http request made to the password manager, which is interpreted as a command from the user. The password manager In the case of LastPass the URLs of websites for which passwords are stored could thereby be read, as well as encrypted passwords.
The researchers emphasize that password managers have the potential to be useful, but in practice they are able to properly ensure that users are less safe: the tools are indeed a single point of failure. When a user accesses a password manager, he has access to all passwords immediately, so the impact is greater.Viewing:-222
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!