Notebookcheck

Windows 10's included password manager can pose a security risk

Keeper is being installed by default in new Windows 10 installations. (Source: User ToppestofDogs on Reddit)
A Google security researcher has discovered that Keeper, the third-party password manager included in Windows 10, has a security vulnerability: it injects privileged UI into web pages, which exposes a user's passwords.

A Google Project Zero researcher has discovered a security flaw in Keeper, the password manager that is installed by default in new Windows 10 installations, even in MSDN copies. Keeper comes installed both as an app and as an Edge addon. The researcher, Tavis Ormandy, who has filed a bug report with a 90-day disclosure deadline, found that the browser addon injected privileged UI into web pages. In layman's terms, that means hackers can steal your stored passwords while the addon is running.

Ormandy had reported the flaw in Keeper about 16 months ago, but it apparently persisted even in newer versions, as evidenced by this proof-of-concept page that exposed a user's Twitter password stored in Keeper.

In a statement to Ars Technica, Microsoft has clarified that the current bug found in new Windows 10 installations is different from the one Ormandy reported earlier and that the bug is now patched. Users should not have any issues if their apps and extensions are up to date. But this report does raise some concerns about Microsoft's security measures for third-party apps and the screening process that they undergo. Although the issue would only have arisen for users who specifically used Keeper to store their passwords, it still comes across as a glaring oversight by both the Keeper developers and Microsoft to have left the exploit in the wild for a considerable time before getting it patched.

Vaidyanathan Subramaniam - Managing Editor - 1390 articles published on Notebookcheck since 2012
Though a cell and molecular biologist by training, I have been drawn towards computers from a very young age ever since I got my first PC in 1998. My passion for technology grew quite exponentially with the times, and it has been an incredible experience from being a much solicited source for tech advice and troubleshooting among family and friends to joining Notebookcheck in 2017 as a professional tech journalist. Now, I am a Lead Editor at Notebookcheck covering news and reviews encompassing a wide gamut of the technology landscape for Indian and global audiences. When I am not hunting for the next big story or taking complex measurements for reviews, you can find me unwinding to a nice read, listening to some soulful music, or trying out a new game.
contact me via: @Geeky_Vaidy
Vaidyanathan Subramaniam, 2017-12-18 (Update: 2017-12-18)