Major security flaws found plaguing popular password managers: Details here
Password managers are vaults that generate strong passwords for online services and keep them locked. They're seen as a safe zone for storing passwords, but as it turns out, some of the popular password managers aren't doing their job as expected. They are affected by severe vulnerabilities that make it easy for bad actors to steal confidential credentials. Here's more on the issue.
'Fundamental' vulnerabilities found in independent research
In a recent study, Independent Security Evaluators investigated how 1Password, Dashlane, KeePass, and LastPass stored user passwords. They looked at how the password managers work in unlocked and locked states and found that all of them failed to protect the credentials fully. They had flaws that, in some circumstances, exposed master passwords, the ones used to access all stored passwords, in the PC's memory.
This increases the risk of password theft
With problems like this, the researchers claimed, attackers could read master passwords from memory in plain, easily readable text. Once that happens, they could use the master password to compromise the software in question and steal all the passwords stored within it. This led the group to conclude that all tested password managers failed to provide the security they advertised to protect confidential user data.
Lead investigator highlights how attackers could mine passwords
"Given the huge user base of people already using password managers, these vulnerabilities will entice hackers to target and steal data from these computers via malware attacks," ISE lead researcher Adrian Bednarek said, emphasizing the potential risk from these flaws.
However, there are ways to stay protected
The news is a little disturbing, but that doesn't mean you should ditch your password manager - even if it is one of the affected ones. Unless a workaround is available, ISE recommends either using the password manager on mobile or keeping it in a completely terminated state on PC. Plus, use two-factor authentication to ensure your password manager isn't compromised.
Also, try to stay away from malicious programs
As an additional step, try to stay away from unknown programs as they may carry malware capable of giving remote access to your system. This could allow an attacker to access the contents of your system's RAM, including the master passwords.