Vulnerability In Windows 10 Password Manager Allows Attackers To Steal Passwords
Cyber News 404 - A Google security researcher has found and helped fix a severe vulnerability in Keeper, a password manager application that Microsoft has bundled with several Windows 10 distributions this year.
"I've heard of Keeper, I remember bugging a while ago about how to inject privileged UI into the page," said Google security researcher Tavis Ormandy, who discovered the vulnerability recently.
"I checked and they do the same thing again with this version," the expert added, referring to the Keeper app that is bundled with several versions of Windows 10.
"I think I've been generous in considering this a new issue that qualifies for ninety-day disclosure, as I've really just changed the same selectors and attacks. Nevertheless, this is a complete compromise of Keeper security, which allows websites to steal any passwords," Ormandy added.
To prove his point, Ormandy also created a demo page where Keeper users can see the vulnerability.
Keeper Recognizes Its Error And Issues Emergency Update
This issue affects version 11.3 of the Keeper browser extension. The Keeper team issued an update less than 24 hours after receiving Ormandy's report.
The new Keeper browser extension, version 11.4, is now being pushed to users, Lurey says, and the "Add to Existing" feature that has the problem is disabled until they fix the vulnerability in it.
Vulnerability Has Not Been Exploited
Craig Lurey, co-founder and CTO of Keeper Security, said the company was not aware of any attacks using this vulnerability, nor had customers reported security incidents in which the bug was misused.