Face Palm: Windows 10 Includes a Password Manager That Exposed Saved Passwords.
The bug allowed Keeper to inject its trusted user interface into untrusted web pages with a content script. This allowed websites to steal passwords from users through techniques such as clickjacking.
Latest Hacking News
Latest Hacking News
Tavis Ormandy, the same researcher, who found that Microsoft included the same password manager with Windows 10.
"I recently created a new Windows 10 virtual machine with a pristine MSDN image and I found a password manager called "Keeper".
Now it is installed by default.
"In addition, a similar error was found in this preinstalled password manager, which has been present for eight days.
Ormandy has also shared a proof-of-concept exploit which steals the user's Twitter password if it is saved in the Keeper application.
The bug is currently subject to a 90-day disclosure before it is made public.
In his report, Ormandy said he was generous in considering this new problem, which qualifies for the 90-day disclosure period.
Within 24 hours after sharing the bug update, Keeper's developers solved the problem.
Also, released an automatic update in the form of version 11.3.
According to the announcement, no clients using extensions were affected. The error remained present for eight days.
This problem emphasizes a major problem with the bloatware pre-installed with Windows 10.
Even if Microsoft chooses to unite with some external providers, it must use a severe review mechanism to avoid such incidents.
1 Comments
casa98 online gambling site Online casino The web is not directly through the agent.
ReplyDeleteThe Best Betting Sites.