Windows 10 Password Manager bug allows hackers to steal passwords

By: Costea Lestoc
2 minute read

Tavis Ormandy, a security researcher at Google, had recently discovered a vulnerability lurking in Windows 10’s Password Manager. This bug allows cyber attackers to steal passwords.

This flaw comes with the third-party Keeper password manager application that comes pre-installed on all Windows 10 devices. It seems that this flaw is quite similar to the one that the same security researcher discovered back in 2016.

Details regarding the cyber attack

Tavis Ormandy stated that he remembers filing a bug about the way that privileged UI was injected into pages. He claimed that this time it happens again the same thing that happened back in 2016 with the current version of Password Manager.

Tavis demonstrated the attack, and he shared all the necessary details in Project Zero. This bug seems to be subjected to a 90-day disclosure deadline, and this means that after these 90 days pass, Tavis will be free to share the complete details of this flaw and the manner in which it can be exploited publically.

According to him, he created a new Windows 10 VM with a pristine image from MSDN, and he noticed that a third-party password manager comes installed by default. After that, he found the critical vulnerability.

The issue is already flagged, and a fix was rolled out

Windows 10 Password Manager bugs

Keeper already flagged the problem a few days ago, and a new update was rolled out to fix it. The company discussed the issue in a blog post.

Keeper’s post states that all customers who are running the browser extension on Chrome, Edge, and Firefox already received Version 11.4.4 through their web browser extension update process. Users who are running the Safari extension can manually update to version 11.4.4 by visiting the company’s download page. Keeper also said that the mobile and desktop apps were not affected by this problem and they do not require updating.

To prevent any cyber attacks, we recommend that you keep all your apps updated. You can download the extension for Microsoft Edge from the Microsoft store.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading